Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zend vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2006-5900
Cross-site scripting (XSS) vulnerability in the incubator/tests/Zend/Http/_files/testRedirections.php sample code in Zend Framework Preview 0.2.0 allows remote malicious users to inject arbitrary web script or HTML via arbitrary parameters.
Zend Zend Framework Preview 0.2.0
5
CVSSv2
CVE-2011-3825
Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Validate.php and certain other files.
Zend Framework 1.11.3
Zend Server 5.1.0
NA
CVE-2022-4397
A vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to laun...
Zend-blog-2 Project Zend-blog-2 -
4.3
CVSSv2
CVE-2014-4913
ZF2014-03 has a potential cross site scripting vector in multiple view helpers
Zend Zend Framework
Debian Debian Linux 8.0
7.5
CVSSv2
CVE-2021-3007
Laminas Project laminas-http prior to 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Fra...
Getlaminas Laminas-http
Zend Zend Framework 3.0.0
4 Github repositories
4.3
CVSSv2
CVE-2006-5717
Multiple cross-site scripting (XSS) vulnerabilities in Zend Google Data Client Library (ZendGData) Preview 0.2.0 allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters in (1) basedemo.php and (2) calenderdemo.php in samples/, and other unsp...
Zend Zend Google Data Client Library Preview 0.2.0
7.5
CVSSv2
CVE-2011-1939
SQL injection vulnerability in Zend Framework 1.10.x prior to 1.10.9 and 1.11.x prior to 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP prior to 5.3.6.
Zend Zend Framework
Php Php
Debian Debian Linux 8.0
1 EDB exploit
7.5
CVSSv2
CVE-2015-7695
The PDO adapters in Zend Framework prior to 1.12.16 do not filer null bytes in SQL statements, which allows remote malicious users to execute arbitrary SQL commands via a crafted query.
Zend Zend Framework
Debian Debian Linux 7.0
Debian Debian Linux 8.0
7.5
CVSSv2
CVE-2014-4914
The Zend_Db_Select::order function in Zend Framework prior to 1.12.7 does not properly handle parentheses, which allows remote malicious users to conduct SQL injection attacks via unspecified vectors.
Zend Zend Framework
Debian Debian Linux 7.0
Debian Debian Linux 8.0
7.5
CVSSv2
CVE-2016-6233
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework prior to 1.12.19 might allow remote malicious users to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression.
Fedoraproject Fedora 25
Fedoraproject Fedora 24
Fedoraproject Fedora 23
Zend Zend Framework
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »