Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
Unknown
CVE-2015-1555
Disclosure Date: August 07, 2017 (last updated November 26, 2024)
Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.
0
Attacker Value
Unknown
CVE-2015-1786
Disclosure Date: June 08, 2017 (last updated November 26, 2024)
Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.
0
Attacker Value
Unknown
CVE-2015-5161
Disclosure Date: August 25, 2015 (last updated October 05, 2023)
The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.
0
