Vulnerabilities (CVE)

Vendor: Zend

36 total CVE
CVE Vendors Products Updated CVSS
CVE-2007-0988 3 Zend, Php, Canonical 3 Php, Engine, Ubuntu Linux 2019-10-09 4.3
The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only...
CVE-2014-2683 1 Zend 10 Zendservice Audioscrobbler, Zendopenid, Zendrest and 7 more 2019-07-16 5.0
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure...
CVE-2014-2682 1 Zend 10 Zendservice Audioscrobbler, Zendopenid, Zendrest and 7 more 2019-07-16 6.8
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure...
CVE-2014-2681 1 Zend 10 Zendservice Audioscrobbler, Zendopenid, Zendrest and 7 more 2019-07-16 6.4
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure...
CVE-2018-1000841 1 Zend 1 Zendto 2019-02-04 4.3
Zend.To versions prior to 5.15-1 contain a Cross Site Scripting (XSS) vulnerability in the verify.php page that can result in an attacker executing arbitrary JavaScript code in the context of the victim's browser. This attack appears to be...
CVE-2007-0908 3 Zend, Php, Canonical 3 Php, Engine, Ubuntu Linux 2018-10-30 5.0
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket...
CVE-2007-1285 2 Zend, Php 2 Php, Engine 2018-10-30 5.0
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
CVE-2016-6233 2 Zend, Fedoraproject 2 Zend Framework, Fedora 2018-10-21 7.5
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression.
CVE-2016-4861 2 Zend, Fedoraproject 2 Zend Framework, Fedora 2018-10-21 7.5
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.
CVE-2016-10034 1 Zend 2 Zend-mail, Zend Framework 2018-10-21 7.5
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and...
CVE-2006-5900 1 Zend 1 Zend Framework Preview 2018-10-17 6.8
Cross-site scripting (XSS) vulnerability in the incubator/tests/Zend/Http/_files/testRedirections.php sample code in Zend Framework Preview 0.2.0 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
CVE-2006-5717 1 Zend 1 Zend Google Data Client Library Preview 2018-10-17 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Zend Google Data Client Library (ZendGData) Preview 0.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) basedemo.php and (2) calenderdemo.php...
CVE-2006-4432 1 Zend 1 Zend Platform 2018-10-17 7.5
Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this...
CVE-2006-4431 1 Zend 1 Zend Platform 2018-10-17 7.5
Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a (1) empty or (2)...
CVE-2018-10230 1 Zend 1 Zend Server 2018-05-21 4.3
Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455.
CVE-2014-4914 2 Zend, Debian 2 Zend Framework, Debian Linux 2018-01-17 7.5
The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
CVE-2015-7503 1 Zend 1 Zend Framework 2017-11-05 5.0
Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allow remote attackers to recover the RSA private key.
CVE-2014-8088 1 Zend 1 Zend Framework 2017-11-04 5.0
The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allow remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.
CVE-2014-2685 1 Zend 2 Zend Framework, Zendopenid 2017-11-04 7.5
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows...
CVE-2014-2684 1 Zend 2 Zend Framework, Zendopenid 2017-11-04 6.4
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 do not verify that the openid_op_endpoint value identifies the same Identity Provider as the...