Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

framework vulnerabilities and exploits

(subscribe to this query)
5
CVSSv2

CVE-2009-4417

The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent malicious users to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed."
Zend FrameworkZend Framework 0.1.3Zend Framework 0.1.4Zend Framework 0.1.5Zend Framework 0.2.0Zend Framework 0.6.0Zend Framework 0.7.0Zend Framework 0.8.0Zend Framework 0.9.0Zend Framework 0.9.1Zend Framework 0.9.2Zend Framework 0.9.3
4.9
CVSSv2

CVE-2007-0516

Yana Framework prior to 2.8.5a allows remote authenticated users with permissions to modify a guestbook profile to modify or delete arbitrary guestbook profiles via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from thir...
Yana Framework Yana FrameworkYana Framework Yana Framework 2.8Yana Framework Yana Framework 2.8.1Yana Framework Yana Framework 2.8.2aYana Framework Yana Framework 2.8.3a
6.8
CVSSv2

CVE-2015-5161

The Zend_Xml_Security::scan in ZendXml prior to 1.0.1 and Zend Framework prior to 1.12.14, 2.x prior to 2.4.6, and 2.5.x prior to 2.5.2, when running under PHP-FPM in a threaded environment, allows remote malicious users to bypass security checks and conduct XML external entity (...
Zend Zend Framework 1.0.0Zend Zend Framework 1.0.1Zend Zend Framework 1.0.2Zend Zend Framework 1.0.3Zend Zend Framework 1.0.4Zend Zend Framework 1.5.0Zend Zend Framework 1.5.1Zend Zend Framework 1.5.2Zend Zend Framework 1.5.3Zend Zend Framework 1.6.0Zend Zend Framework 1.6.1Zend Zend Framework 1.6.2
7.5
CVSSv2

CVE-2014-2685

The GenericConsumer class in the Consumer component in ZendOpenId prior to 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 prior to 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote malicious users to bypas...
Zend Zend FrameworkZend Zend Framework 1.0.0Zend Zend Framework 1.0.1Zend Zend Framework 1.0.2Zend Zend Framework 1.0.3Zend Zend Framework 1.0.4Zend Zend Framework 1.5.0Zend Zend Framework 1.5.1Zend Zend Framework 1.5.2Zend Zend Framework 1.5.3Zend Zend Framework 1.6.0Zend Zend Framework 1.6.1
6.4
CVSSv2

CVE-2012-6531

(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x prior to 1.11.13 and 1.12.x prior to 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote malicious users to read arbitrary files or create TCP connections via an external entity reference ...
Zend Zend Framework 1.0.4Zend Zend Framework 1.5.0Zend Zend Framework 1.5.1Zend Zend Framework 1.5.2Zend Zend Framework 1.5.3Zend Zend Framework 1.6.0Zend Zend Framework 1.6.1Zend Zend Framework 1.6.2Zend Zend Framework 1.7.0Zend Zend Framework 1.7.1Zend Zend Framework 1.7.2Zend Zend Framework 1.7.3
5
CVSSv2

CVE-2012-6532

(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x prior to 1.11.13 and 1.12.x prior to 1.12.0 allow remote malicious users to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML...
Zend Zend Framework 1.0.4Zend Zend Framework 1.5.0Zend Zend Framework 1.5.1Zend Zend Framework 1.5.2Zend Zend Framework 1.5.3Zend Zend Framework 1.6.0Zend Zend Framework 1.6.1Zend Zend Framework 1.6.2Zend Zend Framework 1.7.0Zend Zend Framework 1.7.1Zend Zend Framework 1.7.2Zend Zend Framework 1.7.3
7.5
CVSSv3

CVE-2016-9878

An issue exists in Pivotal Spring Framework prior to 3.2.18, 4.2.x prior to 4.2.9, and 4.3.x prior to 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
Pivotal Software Spring FrameworkPivotal Software Spring Framework 4.2.0Pivotal Software Spring Framework 4.3.0Vmware Spring Framework 3.2.1Vmware Spring Framework 3.2.2Vmware Spring Framework 3.2.3Vmware Spring Framework 3.2.4Vmware Spring Framework 3.2.5Vmware Spring Framework 3.2.6Vmware Spring Framework 3.2.7Vmware Spring Framework 3.2.8Vmware Spring Framework 3.2.9
9.6
CVSSv3

CVE-2015-5211

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in th...
Vmware Spring Framework 3.2.0Vmware Spring Framework 3.2.1Vmware Spring Framework 3.2.2Vmware Spring Framework 3.2.3Vmware Spring Framework 3.2.4Vmware Spring Framework 3.2.5Vmware Spring Framework 3.2.6Vmware Spring Framework 3.2.7Vmware Spring Framework 3.2.8Vmware Spring Framework 3.2.9Vmware Spring Framework 3.2.10Vmware Spring Framework 3.2.11
6.8
CVSSv2

CVE-2013-7315

The Spring MVC in Spring Framework prior to 3.2.4 and 4.0.0.M1 up to and including 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent malicious users to read arbitrary files, cause a denial of service, and conduct CSR...
Springsource Spring Framework 3.0.0Springsource Spring Framework 3.0.0.m1Springsource Spring Framework 3.0.0.m2Springsource Spring Framework 3.0.1Springsource Spring Framework 3.0.2Springsource Spring Framework 3.0.3Springsource Spring Framework 3.0.4Springsource Spring Framework 3.0.5Vmware Spring FrameworkVmware Spring Framework 3.0.6Vmware Spring Framework 3.0.7Vmware Spring Framework 3.1.0
5
CVSSv2

CVE-2014-8088

The (1) Zend_Ldap class in Zend prior to 1.12.9 and (2) Zend\Ldap component in Zend 2.x prior to 2.2.8 and 2.3.x prior to 2.3.3 allows remote malicious users to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.
Zend Zend FrameworkZend Zend Framework 1.12.0Zend Zend Framework 1.12.1Zend Zend Framework 1.12.2Zend Zend Framework 1.12.3Zend Zend Framework 1.12.5Zend Zend Framework 2.0.0Zend Zend Framework 2.01Zend Zend Framework 2.2.2Zend Zend Framework 2.2.3Zend Zend Framework 2.2.4Zend Zend Framework 2.2.5
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
path traversalCVE-2025-2657CVE-2025-30066CVE-2025-24813apache commons vfsCVE-2025-2478validationCVE-2025-2674code injectionmedical card generation systemmicrosoft edge (chromium-based)CVE-2025-2688cicadascms
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook