Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zend vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2021-21426
Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported ...
7.5
CVSSv2
CVE-2009-4137
The loadContentFromCookie function in core/Cookie.php in Piwik prior to 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote malicious users to execute arbitrary code or upload arbitrary files via vectors related to the ...
Matomo Matomo 0.2.29
Matomo Matomo 0.2.30
Matomo Matomo 0.2.31
Matomo Matomo 0.2.28
Matomo Matomo 0.2.26
Matomo Matomo 0.2.25
Matomo Matomo 0.2.32
Matomo Matomo 0.2.27
10
CVSSv2
CVE-2006-4812
Integer overflow in PHP 5 up to 5.1.6 and 4 prior to 4.3.0 allows remote malicious users to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function ...
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.1.1
Php Php 4.1.2
Php Php 5.0.1
Php Php 5.0.2
Php Php 5.0.3
Php Php 5.1.1
Php Php 5.1.2
Php Php 4.0.3
Php Php 4.0.7
Php Php 4.1.0
Php Php 4.2
Php Php 5.0.0
Php Php 5.0
Php Php 5.1.0
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.2.2
Php Php 4.2.3
Php Php 5.1.5
Php Php 5.1.6
1 EDB exploit
5
CVSSv2
CVE-2016-7478
Zend/zend_exceptions.c in PHP, possibly 5.x prior to 5.6.28 and 7.x prior to 7.0.13, allows remote malicious users to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.
Php Php 5.0.0
Php Php 5.0.1
Php Php 5.0.2
Php Php 5.1.3
Php Php 5.1.4
Php Php 5.2.13
Php Php 5.2.14
Php Php 5.2.5
Php Php 5.2.6
Php Php 5.3.11
Php Php 5.3.12
Php Php 5.3.2
Php Php 5.3.20
Php Php 5.3.27
Php Php 5.3.28
Php Php 5.3.9
Php Php 5.4.0
Php Php 5.4.13
Php Php 5.4.14
Php Php 5.4.19
Php Php 5.4.2
Php Php 5.4.26
7.5
CVSSv2
CVE-2014-2052
Zend Framework, as used in ownCloud Server prior to 5.0.15 and 6.0.x prior to 6.0.2, allows remote malicious users to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
Owncloud Owncloud
4.3
CVSSv2
CVE-2015-2934
MediaWiki prior to 1.19.24, 1.2x prior to 1.23.9, and 1.24.x prior to 1.24.2 does not properly handle when the Zend interpreter xml_parse function does not expand entities, which allows remote malicious users to inject arbitrary web script or HTML via a crafted SVG file.
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki
Mediawiki Mediawiki 1.20.7
Mediawiki Mediawiki 1.20.8
Mediawiki Mediawiki 1.21.6
Mediawiki Mediawiki 1.21.7
Mediawiki Mediawiki 1.22.2
Mediawiki Mediawiki 1.22.3
Mediawiki Mediawiki 1.22.4
Mediawiki Mediawiki 1.22.11
Mediawiki Mediawiki 1.22.12
Mediawiki Mediawiki 1.23.3
Mediawiki Mediawiki 1.23.4
Mediawiki Mediawiki 1.20
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.20.2
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21.8
Mediawiki Mediawiki 1.21.9
Mediawiki Mediawiki 1.22.5
Mediawiki Mediawiki 1.22.6
5
CVSSv2
CVE-2017-6441
The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows malicious users to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script. NOTE: the vendor disputes the classification of thi...
Php Php 7.1.2
10
CVSSv2
CVE-2015-8617
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x prior to 7.0.1 allows remote malicious users to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handli...
Php Php 7.0.1
1 EDB exploit
7.5
CVSSv2
CVE-2014-6228
Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) prior to 3.3.0 allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via crafted a...
Facebook Hiphop Virtual Machine
7.1
CVSSv2
CVE-2015-2937
MediaWiki prior to 1.19.24, 1.2x prior to 1.23.9, and 1.24.x prior to 1.24.2, when using HHVM or Zend PHP, allows remote malicious users to cause a denial of service ("quadratic blowup" and memory consumption) via an XML file containing an entity declaration with long r...
Mediawiki Mediawiki
Mediawiki Mediawiki 1.20
Mediawiki Mediawiki 1.20.7
Mediawiki Mediawiki 1.20.8
Mediawiki Mediawiki 1.21.6
Mediawiki Mediawiki 1.21.7
Mediawiki Mediawiki 1.22.3
Mediawiki Mediawiki 1.22.4
Mediawiki Mediawiki 1.22.11
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.20.2
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21.8
Mediawiki Mediawiki 1.21.9
Mediawiki Mediawiki 1.21.10
Mediawiki Mediawiki 1.22.5
Mediawiki Mediawiki 1.22.6
Mediawiki Mediawiki 1.22.13
Mediawiki Mediawiki 1.22.14
Mediawiki Mediawiki 1.23.6
Mediawiki Mediawiki 1.23.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »