Search CVE reports



1 – 10 of 12 results


CVE-2016-4861

Medium priority
Vulnerable

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.

2 affected packages

zend-framework, zendframework

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
zend-framework | Not in release | Not in release | Not in release | Not in release
zendframework | Not in release | Not in release | Not in release | Not affected

CVE-2015-7695

Medium priority
Vulnerable

The PDO adapters in Zend Framework before 1.12.16 do not filter null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.

2 affected packages

zend-framework, zendframework

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
zend-framework | Not in release | Not in release | Not in release | Not in release
zendframework | Not in release | Not in release | Not in release | Not affected

CVE-2015-3154

Medium priority
Vulnerable

CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks...

2 affected packages

zend-framework, zendframework

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
zend-framework | Not in release | Not in release | Not in release | Not in release
zendframework | Not in release | Not in release | Not in release | Not affected

CVE-2015-1555

Medium priority
Ignored

Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.

2 affected packages

zend-framework, zendframework

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
zend-framework Not in release
zendframework Not affected

CVE-2014-8089

Medium priority
Vulnerable

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

2 affected packages

zend-framework, zendframework

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
zend-framework | Not in release | Not in release | Not in release | Not in release
zendframework | Not in release | Not in release | Not in release | Not affected

CVE-2014-8088

Medium priority
Vulnerable

The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an...

2 affected packages

zendframework, zend-framework

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
zendframework | Not in release | Not in release | Not in release | Not affected
zend-framework | Not in release | Not in release | Not in release | Not in release

CVE-2012-6532

Medium priority
Vulnerable

(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular...

2 affected packages

zend-framework, zendframework

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
zend-framework | Not in release | Not in release | Not in release | Not in release
zendframework | Not in release | Not in release | Not in release | Not affected

CVE-2012-6531

Medium priority
Vulnerable

(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create...

2 affected packages

zend-framework, zendframework

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
zend-framework | Not in release | Not in release | Not in release | Not in release
zendframework | Not in release | Not in release | Not in release | Not affected

CVE-2012-5657

Medium priority
Vulnerable

The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and...

2 affected packages

zend-framework, zendframework

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
zend-framework | Not in release | Not in release | Not in release | Not in release
zendframework | Not in release | Not in release | Not in release | Not affected

CVE-2012-4451

Medium priority
Vulnerable

Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub,...

2 affected packages

zend-framework, zendframework

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
zend-framework | Not in release | Not in release | Not in release | Not in release
zendframework | Not in release | Not in release | Not in release | Not affected