Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zend zend framework vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2014-2684
The GenericConsumer class in the Consumer component in ZendOpenId prior to 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 prior to 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association ...
Zend Zendopenid
Zend Zend Framework
4.3
CVSSv2
CVE-2015-3154
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework prior to 1.12.12, 2.x prior to 2.3.8, and 2.4.x prior to 2.4.1 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an...
Zend Zend Framework
NA
CVE-2020-29312
An issue found in Zend Framework v.3.1.3 and before allow a remote malicious user to execute arbitrary code via the unserialize function.
Zend Zend Framework
6.4
CVSSv2
CVE-2012-3363
Zend_XmlRpc in Zend Framework 1.x prior to 1.11.12 and 1.12.x prior to 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote malicious users to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-R...
Zend Zend Framework 1.12.0
Zend Zend Framework
Fedoraproject Fedora 17
Fedoraproject Fedora 18
Debian Debian Linux 6.0
1 EDB exploit
7.5
CVSSv2
CVE-2016-10034
The setFrom function in the Sendmail adapter in the zend-mail component prior to 2.4.11, 2.5.x, 2.6.x, and 2.7.x prior to 2.7.2, and Zend Framework prior to 2.4.11 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary c...
Zend Zend Framework
Zend Zend-mail 2.6.2
Zend Zend-mail 2.7.0
Zend Zend-mail 2.7.1
Zend Zend-mail 2.5.0
Zend Zend-mail
Zend Zend-mail 2.6.0
Zend Zend-mail 2.6.1
Zend Zend-mail 2.5.1
Zend Zend-mail 2.5.2
3 EDB exploits
3 Github repositories
6.4
CVSSv2
CVE-2014-2681
Zend Framework 1 (ZF1) prior to 1.12.4, Zend Framework 2 prior to 2.1.6 and 2.2.x prior to 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure prior to 2.0.2, ZendService_Amazo...
Zend Zendrest
Zend Zend Framework
Zend Zendservice Slideshare
Zend Zendservice Api
Zend Zendservice Audioscrobbler
Zend Zendservice Amazon
Zend Zendservice Technorati
Zend Zendservice Windowsazure
Zend Zendopenid
Zend Zendservice Nirvanix
6.8
CVSSv2
CVE-2014-2682
Zend Framework 1 (ZF1) prior to 1.12.4, Zend Framework 2 prior to 2.1.6 and 2.2.x prior to 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure prior to 2.0.2, ZendService_Amazo...
Zend Zendrest
Zend Zend Framework
Zend Zendservice Slideshare
Zend Zendservice Api
Zend Zendservice Audioscrobbler
Zend Zendservice Amazon
Zend Zendservice Technorati
Zend Zendservice Windowsazure
Zend Zendopenid
Zend Zendservice Nirvanix
5
CVSSv2
CVE-2014-2683
Zend Framework 1 (ZF1) prior to 1.12.4, Zend Framework 2 prior to 2.1.6 and 2.2.x prior to 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure prior to 2.0.2, ZendService_Amazo...
Zend Zendrest
Zend Zend Framework
Zend Zendservice Slideshare
Zend Zendservice Api
Zend Zendservice Audioscrobbler
Zend Zendservice Amazon
Zend Zendservice Technorati
Zend Zendservice Windowsazure
Zend Zendopenid
Zend Zendservice Nirvanix
6.8
CVSSv2
CVE-2006-5900
Cross-site scripting (XSS) vulnerability in the incubator/tests/Zend/Http/_files/testRedirections.php sample code in Zend Framework Preview 0.2.0 allows remote malicious users to inject arbitrary web script or HTML via arbitrary parameters.
Zend Zend Framework Preview 0.2.0
5
CVSSv2
CVE-2011-3825
Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Validate.php and certain other files.
Zend Framework 1.11.3
Zend Server 5.1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgery
CVE-2024-34351
CVE-2024-1076
CVE-2024-25522
CVE-2024-34547
CVE-2024-4644
unauthorized
remote
CVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »