Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zend vulnerabilities and exploits
(subscribe to this query)
294
VMScore
CVE-2011-1072
The installer in PEAR prior to 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.
Php Pear 0.11
Php Pear 1.0
Php Pear 1.2
Php Pear 1.3.6
Php Pear 1.3.5
Php Pear 1.4.0
Php Pear 0.90
Php Pear 0.10
Php Pear 1.2.1
Php Pear 1.1
Php Pear 1.3
Php Pear 1.4.2
Php Pear 0.2.2
Php Pear 0.9
Php Pear 1.0.1
Php Pear 1.3.3
Php Pear 1.3.1
Php Pear 1.4.1
Php Pear
Php Pear 1.6.1
Php Pear 1.3.4
Php Pear 1.3.3.1
294
VMScore
CVE-2011-1144
The installer in PEAR 1.9.2 and previous versions allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists be...
Php Pear 1.0
Php Pear 1.0.1
Php Pear 1.2
Php Pear 1.3.4
Php Pear 1.3.3.1
Php Pear 1.3
Php Pear 1.4.0
Php Pear 1.9.1
Php Pear 1.6.1
Php Pear 1.5.1
Php Pear 1.3.6
Php Pear 1.3.5
Php Pear
Php Pear 0.2.2
Php Pear 0.9
Php Pear 0.90
Php Pear 1.2.1
Php Pear 1.3.3
Php Pear 1.3.1
Php Pear 1.4.1
Php Pear 1.5.0
Php Pear 0.10
510
VMScore
CVE-2011-0420
The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent malicious users to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.
Php Php 5.3.5
2 EDB exploits
445
VMScore
CVE-2010-4698
Stack-based buffer overflow in the GD extension in PHP prior to 5.2.15 and 5.3.x prior to 5.3.4 allows context-dependent malicious users to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function.
Php Php 5.2.12
Php Php 5.2.10
Php Php 5.2.1
Php Php 5.2.2
Php Php 5.2.0
Php Php 5.2.4
Php Php 5.3.1
Php Php 5.3.2
Php Php 5.2.3
Php Php 5.2.14
Php Php 5.2.13
Php Php 5.2.11
Php Php 5.3.3
Php Php 5.3.0
605
VMScore
CVE-2010-4697
Use-after-free vulnerability in the Zend engine in PHP prior to 5.2.15 and 5.3.x prior to 5.3.4 might allow context-dependent malicious users to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset...
Php Php 5.2.0
Php Php 5.2.7
Php Php 5.2.8
Php Php 5.1.3
Php Php 5.1.2
Php Php 5.0.0
Php Php 5.0.2
Php Php 5.0.3
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.1.0
Php Php 4.1.1
Php Php 4.2.3
Php Php 4.3.3
Php Php 4.3.4
Php Php 4.3.5
Php Php 4.4.2
Php Php 5.2.3
Php Php 5.2.4
Php Php 5.2.11
Php Php 5.2.12
Php Php 5.1.6
445
VMScore
CVE-2006-7243
PHP prior to 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent malicious users to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists...
Php Php 5.3.0
Php Php 4.0.3
Php Php 4.0.4
Php Php 4.0
Php Php 4.1.0
Php Php 4.2.2
Php Php 4.2.3
Php Php 4.3.2
Php Php 4.3.3
Php Php 4.4.1
Php Php 4.4.2
Php Php 4.4.9
Php Php 3.0.11
Php Php 3.0.18
Php Php 3.0.4
Php Php 3.0.8
Php Php 3.0.5
Php Php 5.2.12
Php Php 5.2.10
Php Php 5.2.8
Php Php 5.2.3
Php Php 5.2.4
2 Articles
445
VMScore
CVE-2010-1914
The Zend Engine in PHP 5.2 up to and including 5.2.13 and 5.3 up to and including 5.3.2 allows context-dependent malicious users to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_funct...
Php Php 5.2.2
Php Php 5.2.3
Php Php 5.2.10
Php Php 5.2.6
Php Php 5.2.7
Php Php 5.3.2
Php Php 5.2.12
Php Php 5.2.4
Php Php 5.2.5
Php Php 5.3.0
Php Php 5.3.1
Php Php 5.2.11
Php Php 5.2.0
Php Php 5.2.1
Php Php 5.2.8
Php Php 5.2.9
445
VMScore
CVE-2009-4417
The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent malicious users to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed."
Zend Framework
Zend Framework 1.9.4
Zend Framework 1.9.0
Zend Framework 1.8.3
Zend Framework 1.8.2
Zend Framework 1.8.1
Zend Framework 1.8.0
Zend Framework 1.6.0
Zend Framework 1.0.0
Zend Framework 0.9.3
Zend Framework 1.7.7
Zend Framework 1.7.0
Zend Framework 1.6.2
Zend Framework 1.5.2
Zend Framework 1.5.0
Zend Framework 1.0.4
Zend Framework 1.0.2
Zend Framework 0.9.2
Zend Framework 0.9.0
Zend Framework 0.1.3
Zend Framework 1.9.2
Zend Framework 1.9.1
668
VMScore
CVE-2009-4137
The loadContentFromCookie function in core/Cookie.php in Piwik prior to 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote malicious users to execute arbitrary code or upload arbitrary files via vectors related to the ...
Matomo Matomo 0.2.29
Matomo Matomo 0.2.30
Matomo Matomo 0.2.31
Matomo Matomo 0.2.28
Matomo Matomo 0.2.26
Matomo Matomo 0.2.25
Matomo Matomo 0.2.32
Matomo Matomo 0.2.27
685
VMScore
CVE-2007-5416
Drupal 5.2 and previous versions does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote malicious users to execute arbitrary PHP code by invoking the drupal_eval fun...
Drupal Drupal
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »