zend framework vulnerabilities and exploits
CVSSv2 score: 6.4
CVE-2012-3363
Zend_XmlRpc in Zend Framework 1.x prior to 1.11.12 and 1.12.x prior to 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote malicious users to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-R...
Zend Zend Framework 1.12.0
Zend Zend Framework
Fedoraproject Fedora 17
Fedoraproject Fedora 18
Debian Debian Linux 6.0
1 EDB exploit
CVSSv2 score: 5
CVE-2012-6532
(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x prior to 1.11.13 and 1.12.x prior to 1.12.0 allow remote malicious users to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML...
Zend Zend Framework 1.0.4
Zend Zend Framework 1.7.0
Zend Zend Framework 1.7.1
Zend Zend Framework 1.7.8
Zend Zend Framework 1.7.9
Zend Zend Framework 1.9.0
Zend Zend Framework 1.9.1
Zend Zend Framework 1.10.0
Zend Zend Framework 1.10.1
Zend Zend Framework 1.10.8
Zend Zend Framework 1.11.0
Zend Zend Framework 1.5.0
Zend Zend Framework 1.5.1
Zend Zend Framework 1.5.2
Zend Zend Framework 1.7.2
Zend Zend Framework 1.7.3
Zend Zend Framework 1.8.0
Zend Zend Framework 1.8.1
Zend Zend Framework 1.9.2
Zend Zend Framework 1.9.3
Zend Zend Framework 1.9.4
Zend Zend Framework 1.10.2
CVSSv2 score: 6.4
CVE-2012-6531
(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x prior to 1.11.13 and 1.12.x prior to 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote malicious users to read arbitrary files or create TCP connections via an external entity reference ...
Zend Zend Framework 1.6.0
Zend Zend Framework 1.6.1
Zend Zend Framework 1.6.2
Zend Zend Framework 1.7.0
Zend Zend Framework 1.7.1
Zend Zend Framework 1.8.4
Zend Zend Framework 1.8.5
Zend Zend Framework 1.9.0
Zend Zend Framework 1.9.1
Zend Zend Framework 1.10.6
Zend Zend Framework 1.10.7
Zend Zend Framework 1.10.8
Zend Zend Framework 1.11.0
Zend Zend Framework 1.12.0
Zend Zend Framework 1.5.0
Zend Zend Framework 1.5.2
Zend Zend Framework 1.7.2
Zend Zend Framework 1.7.4
Zend Zend Framework 1.8.1
Zend Zend Framework 1.8.3
Zend Zend Framework 1.9.2
Zend Zend Framework 1.9.4
CVSSv2 score: 5
CVE-2011-3825
Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Validate.php and certain other files.
Zend Framework 1.11.3
Zend Server 5.1.0
CVSSv2 score: 5
CVE-2009-4417
The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent malicious users to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed."
Zend Framework
Zend Framework 1.9.4
Zend Framework 1.9.0
Zend Framework 1.8.3
Zend Framework 1.8.2
Zend Framework 1.8.1
Zend Framework 1.8.0
Zend Framework 1.6.0
Zend Framework 1.0.0
Zend Framework 0.9.3
Zend Framework 1.7.7
Zend Framework 1.7.0
Zend Framework 1.6.2
Zend Framework 1.5.2
Zend Framework 1.5.0
Zend Framework 1.0.4
Zend Framework 1.0.2
Zend Framework 0.9.2
Zend Framework 0.9.0
Zend Framework 0.1.3
Zend Framework 1.9.2
Zend Framework 1.9.1
CVSSv2 score: 7.5
CVE-2009-4137
The loadContentFromCookie function in core/Cookie.php in Piwik prior to 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote malicious users to execute arbitrary code or upload arbitrary files via vectors related to the ...
Matomo Matomo 0.2.29
Matomo Matomo 0.2.30
Matomo Matomo 0.2.31
Matomo Matomo 0.2.28
Matomo Matomo 0.2.26
Matomo Matomo 0.2.25
Matomo Matomo 0.2.32
Matomo Matomo 0.2.27
CVSSv2 score: 7.5
CVE-2007-1889
Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote malicious users to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and ...
Php Php 5.2.0
CVSSv2 score: 6.8
CVE-2006-5900
Cross-site scripting (XSS) vulnerability in the incubator/tests/Zend/Http/_files/testRedirections.php sample code in Zend Framework Preview 0.2.0 allows remote malicious users to inject arbitrary web script or HTML via arbitrary parameters.
Zend Zend Framework Preview 0.2.0