zend zend framework vulnerabilities and exploits
CVSSv2: 6.8
CVE-2014-2682
Zend Framework 1 (ZF1) prior to 1.12.4, Zend Framework 2 prior to 2.1.6 and 2.2.x prior to 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure prior to 2.0.2, ZendService_Amazo...
Zend Zendrest
Zend Zend Framework
Zend Zendservice Slideshare
Zend Zendservice Api
Zend Zendservice Audioscrobbler
Zend Zendservice Amazon
Zend Zendservice Technorati
Zend Zendservice Windowsazure
Zend Zendopenid
Zend Zendservice Nirvanix
CVSSv2: 6.8
CVE-2006-5900
Cross-site scripting (XSS) vulnerability in the incubator/tests/Zend/Http/_files/testRedirections.php sample code in Zend Framework Preview 0.2.0 allows remote malicious users to inject arbitrary web script or HTML via arbitrary parameters.
Zend Zend Framework Preview 0.2.0
CVSSv2: 6.4
CVE-2015-1555
Zend/Session/SessionManager in Zend Framework 2.2.x prior to 2.2.9, 2.3.x prior to 2.3.4 allows remote malicious users to create valid sessions without using session validators.
Zend Zend Framework 2.2.4
Zend Zend Framework 2.2.2
Zend Zend Framework 2.3.0
Zend Zend Framework 2.2.1
Zend Zend Framework 2.2.0
Zend Zend Framework 2.3.2
Zend Zend Framework 2.3.1
Zend Zend Framework 2.2.8
Zend Zend Framework 2.2.7
Zend Zend Framework 2.2.6
Zend Zend Framework 2.2.5
Zend Zend Framework 2.2.3
Zend Zend Framework 2.3.3
CVSSv2: 6.4
CVE-2014-2681
Zend Framework 1 (ZF1) prior to 1.12.4, Zend Framework 2 prior to 2.1.6 and 2.2.x prior to 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure prior to 2.0.2, ZendService_Amazo...
Zend Zendrest
Zend Zend Framework
Zend Zendservice Slideshare
Zend Zendservice Api
Zend Zendservice Audioscrobbler
Zend Zendservice Amazon
Zend Zendservice Technorati
Zend Zendservice Windowsazure
Zend Zendopenid
Zend Zendservice Nirvanix
CVSSv2: 6.4
CVE-2014-2684
The GenericConsumer class in the Consumer component in ZendOpenId prior to 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 prior to 1.12.4 do not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association ...
Zend Zendopenid
Zend Zend Framework
CVSSv2: 6.4
CVE-2012-6531
(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x prior to 1.11.13 and 1.12.x prior to 1.12.0 do not properly handle SimpleXMLElement classes, which allows remote malicious users to read arbitrary files or create TCP connections via an external entity reference ...
Zend Zend Framework 1.6.0
Zend Zend Framework 1.6.1
Zend Zend Framework 1.6.2
Zend Zend Framework 1.7.0
Zend Zend Framework 1.7.1
Zend Zend Framework 1.8.4
Zend Zend Framework 1.8.5
Zend Zend Framework 1.9.0
Zend Zend Framework 1.9.1
Zend Zend Framework 1.10.6
Zend Zend Framework 1.10.7
Zend Zend Framework 1.10.8
Zend Zend Framework 1.11.0
Zend Zend Framework 1.12.0
Zend Zend Framework 1.5.0
Zend Zend Framework 1.5.2
Zend Zend Framework 1.7.2
Zend Zend Framework 1.7.4
Zend Zend Framework 1.8.1
Zend Zend Framework 1.8.3
Zend Zend Framework 1.9.2
Zend Zend Framework 1.9.4
CVSSv2: 6.4
CVE-2012-3363
Zend_XmlRpc in Zend Framework 1.x prior to 1.11.12 and 1.12.x prior to 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote malicious users to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-R...
Zend Zend Framework 1.12.0
Zend Zend Framework
Fedoraproject Fedora 17
Fedoraproject Fedora 18
Debian Debian Linux 6.0
1 EDB exploit
CVSSv2: 5
CVE-2015-7503
Zend Framework prior to 2.4.9, zend-framework/zend-crypt 2.4.x prior to 2.4.9, and 2.5.x prior to 2.5.2 allows remote malicious users to recover the RSA private key.
Zend Zend Framework 2.4.4
Zend Zend Framework 2.4.3
Zend Zend Framework 2.4.2
Zend Zend Framework 2.4.1
Zend Zend Framework 2.5.1
Zend Zend Framework 2.5.0
Zend Zend Framework 2.4.7
Zend Zend Framework 2.4.5
Zend Zend Framework 2.4.0
Zend Zend Framework 2.4.8
Zend Zend Framework 2.4.6
CVSSv2: 5
CVE-2014-2683
Zend Framework 1 (ZF1) prior to 1.12.4, Zend Framework 2 prior to 2.1.6 and 2.2.x prior to 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure prior to 2.0.2, ZendService_Amazo...
Zend Zendrest
Zend Zend Framework
Zend Zendservice Slideshare
Zend Zendservice Api
Zend Zendservice Audioscrobbler
Zend Zendservice Amazon
Zend Zendservice Technorati
Zend Zendservice Windowsazure
Zend Zendopenid
Zend Zendservice Nirvanix
CVSSv2: 5
CVE-2014-8088
The (1) Zend_Ldap class in Zend prior to 1.12.9 and (2) Zend\Ldap component in Zend 2.x prior to 2.2.8 and 2.3.x prior to 2.3.3 allow remote malicious users to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.
Zend Zend Framework
Zend Zend Framework 1.12.0
Zend Zend Framework 2.01
Zend Zend Framework 2.0.0
Zend Zend Framework 1.12.5
Zend Zend Framework 1.12.3
Zend Zend Framework 2.2.3
Zend Zend Framework 2.3.2
Zend Zend Framework 2.3.1
Zend Zend Framework 2.2.5
Zend Zend Framework 2.2.6
Zend Zend Framework 2.2.7
Zend Zend Framework 1.12.2
Zend Zend Framework 1.12.1
Zend Zend Framework 2.2.2
Zend Zend Framework 2.2.4
Zend Zend Framework 2.3.0