Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zend vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-1072
The installer in PEAR prior to 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.
Php Pear 0.11
Php Pear 1.0
Php Pear 1.2
Php Pear 1.3.6
Php Pear 1.3.5
Php Pear 1.4.0
Php Pear 0.90
Php Pear 0.10
Php Pear 1.2.1
Php Pear 1.1
Php Pear 1.3
Php Pear 1.4.2
Php Pear 0.2.2
Php Pear 0.9
Php Pear 1.0.1
Php Pear 1.3.3
Php Pear 1.3.1
Php Pear 1.4.1
Php Pear
Php Pear 1.6.1
Php Pear 1.3.4
Php Pear 1.3.3.1
NA
CVE-2011-1144
The installer in PEAR 1.9.2 and previous versions allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists be...
Php Pear 1.0
Php Pear 1.0.1
Php Pear 1.2
Php Pear 1.3.4
Php Pear 1.3.3.1
Php Pear 1.3
Php Pear 1.4.0
Php Pear 1.9.1
Php Pear 1.6.1
Php Pear 1.5.1
Php Pear 1.3.6
Php Pear 1.3.5
Php Pear
Php Pear 0.2.2
Php Pear 0.9
Php Pear 0.90
Php Pear 1.2.1
Php Pear 1.3.3
Php Pear 1.3.1
Php Pear 1.4.1
Php Pear 1.5.0
Php Pear 0.10
NA
CVE-2011-0420
The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent malicious users to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.
Php Php 5.3.5
2 EDB exploits
NA
CVE-2010-4698
Stack-based buffer overflow in the GD extension in PHP prior to 5.2.15 and 5.3.x prior to 5.3.4 allows context-dependent malicious users to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function.
Php Php 5.2.12
Php Php 5.2.10
Php Php 5.2.1
Php Php 5.2.2
Php Php 5.2.0
Php Php 5.2.4
Php Php 5.3.1
Php Php 5.3.2
Php Php 5.2.3
Php Php 5.2.14
Php Php 5.2.13
Php Php 5.2.11
Php Php 5.3.3
Php Php 5.3.0
NA
CVE-2006-7243
PHP prior to 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent malicious users to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists...
Php Php 5.3.0
Php Php 4.0.3
Php Php 4.0.4
Php Php 4.0
Php Php 4.1.0
Php Php 4.2.2
Php Php 4.2.3
Php Php 4.3.2
Php Php 4.3.3
Php Php 4.4.1
Php Php 4.4.2
Php Php 4.4.9
Php Php 3.0.11
Php Php 3.0.18
Php Php 3.0.4
Php Php 3.0.8
Php Php 3.0.5
Php Php 5.2.12
Php Php 5.2.10
Php Php 5.2.8
Php Php 5.2.3
Php Php 5.2.4
2 Articles
NA
CVE-2010-4697
Use-after-free vulnerability in the Zend engine in PHP prior to 5.2.15 and 5.3.x prior to 5.3.4 might allow context-dependent malicious users to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset...
Php Php 5.2.0
Php Php 5.2.7
Php Php 5.2.8
Php Php 5.1.3
Php Php 5.1.2
Php Php 5.0.0
Php Php 5.0.2
Php Php 5.0.3
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.1.0
Php Php 4.1.1
Php Php 4.2.3
Php Php 4.3.3
Php Php 4.3.4
Php Php 4.3.5
Php Php 4.4.2
Php Php 5.2.3
Php Php 5.2.4
Php Php 5.2.11
Php Php 5.2.12
Php Php 5.1.6
NA
CVE-2010-1914
The Zend Engine in PHP 5.2 up to and including 5.2.13 and 5.3 up to and including 5.3.2 allows context-dependent malicious users to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_funct...
Php Php 5.2.2
Php Php 5.2.3
Php Php 5.2.10
Php Php 5.2.6
Php Php 5.2.7
Php Php 5.3.2
Php Php 5.2.12
Php Php 5.2.4
Php Php 5.2.5
Php Php 5.3.0
Php Php 5.3.1
Php Php 5.2.11
Php Php 5.2.0
Php Php 5.2.1
Php Php 5.2.8
Php Php 5.2.9
NA
CVE-2009-4417
The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent malicious users to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed."
Zend Framework
Zend Framework 1.9.4
Zend Framework 1.9.0
Zend Framework 1.8.3
Zend Framework 1.8.2
Zend Framework 1.8.1
Zend Framework 1.8.0
Zend Framework 1.6.0
Zend Framework 1.0.0
Zend Framework 0.9.3
Zend Framework 1.7.7
Zend Framework 1.7.0
Zend Framework 1.6.2
Zend Framework 1.5.2
Zend Framework 1.5.0
Zend Framework 1.0.4
Zend Framework 1.0.2
Zend Framework 0.9.2
Zend Framework 0.9.0
Zend Framework 0.1.3
Zend Framework 1.9.2
Zend Framework 1.9.1
NA
CVE-2009-4137
The loadContentFromCookie function in core/Cookie.php in Piwik prior to 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote malicious users to execute arbitrary code or upload arbitrary files via vectors related to the ...
Matomo Matomo 0.2.29
Matomo Matomo 0.2.30
Matomo Matomo 0.2.31
Matomo Matomo 0.2.28
Matomo Matomo 0.2.26
Matomo Matomo 0.2.25
Matomo Matomo 0.2.32
Matomo Matomo 0.2.27
NA
CVE-2007-5416
Drupal 5.2 and previous versions does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote malicious users to execute arbitrary PHP code by invoking the drupal_eval fun...
Drupal Drupal
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »