Show filters
57 Total Results
Displaying 21-30 of 57
Sort by:
Attacker Value
Unknown
CVE-2015-0270
Disclosure Date: October 25, 2019 (last updated November 27, 2024)
Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter.
0
Attacker Value
Unknown
CVE-2018-20857
Disclosure Date: July 26, 2019 (last updated November 27, 2024)
Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@example.com followed by <!---->. and then the attacker's domain name.
0
Attacker Value
Unknown
CVE-2018-1000841
Disclosure Date: December 20, 2018 (last updated November 27, 2024)
Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the victim's browser.. This attack appear to be exploitable via HTTP POST request. This vulnerability appears to have been fixed in 5.16-1 Beta.
0
Attacker Value
Unknown
CVE-2018-10230
Disclosure Date: April 19, 2018 (last updated November 26, 2024)
Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455.
0
Attacker Value
Unknown
CVE-2014-4914
Disclosure Date: December 29, 2017 (last updated November 26, 2024)
The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
0
Attacker Value
Unknown
CVE-2015-7503
Disclosure Date: October 10, 2017 (last updated November 26, 2024)
Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key.
0
Attacker Value
Unknown
CVE-2015-3257
Disclosure Date: August 25, 2017 (last updated November 26, 2024)
Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks.
0
Attacker Value
Unknown
CVE-2015-1555
Disclosure Date: August 07, 2017 (last updated November 26, 2024)
Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.
0
Attacker Value
Unknown
CVE-2015-1786
Disclosure Date: June 08, 2017 (last updated November 26, 2024)
Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.
0
Attacker Value
Unknown
CVE-2016-6233
Disclosure Date: February 17, 2017 (last updated November 08, 2023)
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression.
0
