Vulmon
zend zend framework vulnerabilities and exploits
NA
CVE-2014-2684
The GenericConsumer class in the Consumer component in ZendOpenId prior to 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 prior to 1.12.4 do not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association ...
Zend Zendopenid
Zend Zend Framework
6.1
CVSSv3
CVE-2015-3154
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework prior to 1.12.12, 2.x prior to 2.3.8, and 2.4.x prior to 2.4.1 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an...
Zend Zend Framework
9.8
CVSSv3
CVE-2020-29312
An issue found in Zend Framework v.3.1.3 and before allows a remote malicious user to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was ...
Zend Zend Framework
9.1
CVSSv3
CVE-2012-3363
Zend_XmlRpc in Zend Framework 1.x prior to 1.11.12 and 1.12.x prior to 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote malicious users to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-R...
Zend Zend Framework 1.12.0
Zend Zend Framework
Fedoraproject Fedora 17
Fedoraproject Fedora 18
Debian Debian Linux 6.0
1 EDB exploit
9.8
CVSSv3
CVE-2016-10034
The setFrom function in the Sendmail adapter in the zend-mail component prior to 2.4.11, 2.5.x, 2.6.x, and 2.7.x prior to 2.7.2, and Zend Framework prior to 2.4.11 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary c...
Zend Zend Framework
Zend Zend-mail 2.6.2
Zend Zend-mail 2.7.0
Zend Zend-mail 2.7.1
Zend Zend-mail 2.5.0
Zend Zend-mail
Zend Zend-mail 2.6.0
Zend Zend-mail 2.6.1
Zend Zend-mail 2.5.1
Zend Zend-mail 2.5.2
3 EDB exploits
3 Github repositories
NA
CVE-2014-2681
Zend Framework 1 (ZF1) prior to 1.12.4, Zend Framework 2 prior to 2.1.6 and 2.2.x prior to 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure prior to 2.0.2, ZendService_Amazo...
Zend Zendrest
Zend Zend Framework
Zend Zendservice Slideshare
Zend Zendservice Api
Zend Zendservice Audioscrobbler
Zend Zendservice Amazon
Zend Zendservice Technorati
Zend Zendservice Windowsazure
Zend Zendopenid
Zend Zendservice Nirvanix
NA
CVE-2014-2682
Zend Framework 1 (ZF1) prior to 1.12.4, Zend Framework 2 prior to 2.1.6 and 2.2.x prior to 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure prior to 2.0.2, ZendService_Amazo...
Zend Zendrest
Zend Zend Framework
Zend Zendservice Slideshare
Zend Zendservice Api
Zend Zendservice Audioscrobbler
Zend Zendservice Amazon
Zend Zendservice Technorati
Zend Zendservice Windowsazure
Zend Zendopenid
Zend Zendservice Nirvanix
NA
CVE-2014-2683
Zend Framework 1 (ZF1) prior to 1.12.4, Zend Framework 2 prior to 2.1.6 and 2.2.x prior to 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure prior to 2.0.2, ZendService_Amazo...
Zend Zendrest
Zend Zend Framework
Zend Zendservice Slideshare
Zend Zendservice Api
Zend Zendservice Audioscrobbler
Zend Zendservice Amazon
Zend Zendservice Technorati
Zend Zendservice Windowsazure
Zend Zendopenid
Zend Zendservice Nirvanix
NA
CVE-2006-5900
Cross-site scripting (XSS) vulnerability in the incubator/tests/Zend/Http/_files/testRedirections.php sample code in Zend Framework Preview 0.2.0 allows remote malicious users to inject arbitrary web script or HTML via arbitrary parameters.
Zend Zend Framework Preview 0.2.0
NA
CVE-2011-3825
Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Validate.php and certain other files.
Zend Framework 1.11.3
Zend Server 5.1.0