Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zend vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2014-2052
Zend Framework, as used in ownCloud Server prior to 5.0.15 and 6.0.x prior to 6.0.2, allows remote malicious users to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
Owncloud Owncloud
4.3
CVSSv2
CVE-2015-3154
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework prior to 1.12.12, 2.x prior to 2.3.8, and 2.4.x prior to 2.4.1 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an...
Zend Zend Framework
4.3
CVSSv2
CVE-2012-4451
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x prior to 2.0.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) V...
Zend Zend Framework
Fedoraproject Fedora 16
Fedoraproject Fedora 17
Redhat Enterprise Linux 6.0
4.3
CVSSv2
CVE-2014-4913
ZF2014-03 has a potential cross site scripting vector in multiple view helpers
Zend Zend Framework
Debian Debian Linux 8.0
7.5
CVSSv2
CVE-2011-1939
SQL injection vulnerability in Zend Framework 1.10.x prior to 1.10.9 and 1.11.x prior to 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP prior to 5.3.6.
Zend Zend Framework
Php Php
Debian Debian Linux 8.0
1 EDB exploit
7.5
CVSSv2
CVE-2015-0270
Zend Framework prior to 2.2.10 and 2.3.x prior to 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter.
Zend Framework
4.3
CVSSv2
CVE-2018-1000841
Zend.To version before 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the victim's browser.. This attack appear to be exploitable via HTTP POST request...
Zend Zendto
4.3
CVSSv2
CVE-2018-10230
Zend Debugger in Zend Server prior to 9.1.3 has XSS, aka ZSR-2455.
Zend Zend Server
7.5
CVSSv2
CVE-2014-4914
The Zend_Db_Select::order function in Zend Framework prior to 1.12.7 does not properly handle parentheses, which allows remote malicious users to conduct SQL injection attacks via unspecified vectors.
Zend Zend Framework
Debian Debian Linux 7.0
Debian Debian Linux 8.0
5
CVSSv2
CVE-2015-7503
Zend Framework prior to 2.4.9, zend-framework/zend-crypt 2.4.x prior to 2.4.9, and 2.5.x prior to 2.5.2 allows remote malicious users to recover the RSA private key.
Zend Zend Framework 2.4.4
Zend Zend Framework 2.4.3
Zend Zend Framework 2.4.2
Zend Zend Framework 2.4.1
Zend Zend Framework 2.5.1
Zend Zend Framework 2.5.0
Zend Zend Framework 2.4.7
Zend Zend Framework 2.4.5
Zend Zend Framework 2.4.0
Zend Zend Framework 2.4.8
Zend Zend Framework 2.4.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »