Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zend vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2015-8617
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x prior to 7.0.1 allows remote malicious users to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handli...
Php Php 7.0.1
1 EDB exploit
10
CVSSv2
CVE-2006-4812
Integer overflow in PHP 5 up to 5.1.6 and 4 prior to 4.3.0 allows remote malicious users to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function ...
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.1.1
Php Php 4.1.2
Php Php 5.0.1
Php Php 5.0.2
Php Php 5.0.3
Php Php 5.1.1
Php Php 5.1.2
Php Php 4.0.3
Php Php 4.0.7
Php Php 4.1.0
Php Php 4.2
Php Php 5.0.0
Php Php 5.0
Php Php 5.1.0
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.2.2
Php Php 4.2.3
Php Php 5.1.5
Php Php 5.1.6
1 EDB exploit
9.3
CVSSv2
CVE-2006-4482
Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP prior to 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.
Php Php
Canonical Ubuntu Linux 5.04
Canonical Ubuntu Linux 5.10
Canonical Ubuntu Linux 6.06
Debian Debian Linux 3.1
9.3
CVSSv2
CVE-2006-3017
zend_hash_del_key_or_index in zend_hash.c in PHP prior to 4.4.3 and 5.x prior to 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be use...
Php Php 3.0.13
Php Php 3.0.14
Php Php 3.0.5
Php Php 3.0.6
Php Php 4.0.1
Php Php 4.0.6
Php Php 4.0.7
Php Php 4.0
Php Php 4.2.2
Php Php 4.2.3
Php Php 4.3.3
Php Php 4.3.4
Php Php 5.0.0
Php Php 5.0.1
Php Php 5.0.2
Php Php 5.1.0
Php Php 3.0
Php Php 3.0.15
Php Php 3.0.16
Php Php 3.0.7
Php Php 3.0.8
Php Php 4.0.2
7.5
CVSSv2
CVE-2021-21426
Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported ...
7.5
CVSSv2
CVE-2021-3007
Laminas Project laminas-http prior to 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Fra...
Getlaminas Laminas-http
Zend Zend Framework 3.0.0
4 Github repositories
7.5
CVSSv2
CVE-2020-8986
lib/NSSDropbox.php in ZendTo before 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an malicious user to gain administrative access with a large number of requests.
Zend Zendto 3.10
Zend Zendto 3.11
Zend Zendto 3.12
Zend Zendto 3.13
Zend Zendto 3.20
Zend Zendto 3.51
Zend Zendto 3.52
Zend Zendto 3.53
Zend Zendto 3.54
Zend Zendto 3.55
Zend Zendto 3.56-2
Zend Zendto 3.57
Zend Zendto 3.58
Zend Zendto 3.59
Zend Zendto 3.60
Zend Zendto 3.61
Zend Zendto 3.62
Zend Zendto 3.63
Zend Zendto 3.64
Zend Zendto 3.65
Zend Zendto 3.70-2
Zend Zendto 3.71
7.5
CVSSv2
CVE-2014-8089
SQL injection vulnerability in Zend Framework prior to 1.12.9, 2.2.x prior to 2.2.8, and 2.3.x prior to 2.3.3, when using the sqlsrv PHP extension, allows remote malicious users to execute arbitrary SQL commands via a null byte.
Zend Zend Framework
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 7.0
Fedoraproject Fedora 19
Fedoraproject Fedora 20
Fedoraproject Fedora 21
7.5
CVSSv2
CVE-2014-2052
Zend Framework, as used in ownCloud Server prior to 5.0.15 and 6.0.x prior to 6.0.2, allows remote malicious users to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
Owncloud Owncloud
7.5
CVSSv2
CVE-2011-1939
SQL injection vulnerability in Zend Framework 1.10.x prior to 1.10.9 and 1.11.x prior to 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP prior to 5.3.6.
Zend Zend Framework
Php Php
Debian Debian Linux 8.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »