zendframework/zendframework1 Security Advisories (34)
-
[MEDIUM] Zend Framework XEE Vulnerability
PKSA-9v57-gxnf-ggq8 CVE-2012-6531 GHSA-h5p3-7mg6-hgj4
Affected version: >=1.12.0-rc1,<1.12.0|>=1.0,<1.11.13
Reported by:
GitHub -
[MEDIUM] Zend Framework XXE Vulnerability
PKSA-6k49-tm57-6c4z CVE-2012-5657 GHSA-9m5v-vq4f-mrvf
Affected version: >=1.12.0-rc1,<1.12.1|<1.11.15
Reported by:
GitHub -
[MEDIUM] Zend Framework XEE Vulnerability
PKSA-4cn5-143w-bwh1 CVE-2012-6532 GHSA-jh4x-4wmf-67pr
Affected version: >=1.12.0-rc1,<1.12.0|>=1.0,<1.11.13
Reported by:
GitHub -
[MEDIUM] Zend Framework XXE Vulnerability
PKSA-9336-p9y5-q64w CVE-2012-3363 GHSA-7pg4-5233-82jv
Affected version: >=1.0.0,<1.11.12|>=1.12.0-rc1,<1.12.0
Reported by:
GitHub -
[CRITICAL] Zend Framework SQL injection vector using null byte for PDO
PKSA-4bm5-6799-t9s8 CVE-2015-7695 GHSA-2hvh-c5c2-vj85
Affected version: <1.12.16
Reported by:
GitHub -
[MEDIUM] Several Zend Products Vulnerable to XXE and XEE attacks
PKSA-7tbc-4p3k-67wb CVE-2014-2683 GHSA-5wm2-38q5-5rxv
Affected version: <1.12.4
Reported by:
GitHub -
[MEDIUM] Several Zend Products Vulnerable to XXE and XEE attacks
PKSA-7jnn-xn3f-kf8r CVE-2014-2682 GHSA-gp39-h9c2-qw79
Affected version: <1.12.4
Reported by:
GitHub -
[MEDIUM] Several Zend Products Vulnerable to XXE and XEE attacks
PKSA-x1xp-mbsx-211w CVE-2014-2681 GHSA-43xg-87xw-jpv8
Affected version: <1.12.4
Reported by:
GitHub -
Potential SQL injection in ORDER and GROUP functions of ZF1
Affected version: <1.12.20
Reported by:
FriendsOfPHP/security-advisories -
[CRITICAL] Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select
PKSA-8gbh-rfqt-hz91 CVE-2016-6233 GHSA-p9hp-3gpv-52w3
Affected version: <1.12.19
Reported by:
GitHub, FriendsOfPHP/security-advisories -
Potential Insufficient Entropy Vulnerability in ZF1
Affected version: >=1.12.0,<1.12.18
Reported by:
FriendsOfPHP/security-advisories -
Potential Information Disclosure and Insufficient Entropy vulnerability in Zend\Captcha\Word
Affected version: >=1.12.0,<1.12.17
Reported by:
FriendsOfPHP/security-advisories -
[HIGH] Filesystem Permissions Issues in Multiple Components
PKSA-gk48-4tyq-1mz2 CVE-2015-5723 GHSA-pw5c-xqf2-6xc2
Affected version: >=1.12.0,<1.12.16
Reported by:
GitHub, FriendsOfPHP/security-advisories -
Potential SQL injection vector using null byte for PDO (MsSql, SQLite)
Affected version: >=1.12.0,<1.12.16
Reported by:
FriendsOfPHP/security-advisories -
[MEDIUM] XXE/XEE vector when using ZendXml on multibyte payloads
PKSA-wkm6-gzx7-1qtv CVE-2015-5161 GHSA-xp8p-9rq5-4wgv
Affected version: >=1.12.0,<1.12.14
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Potential CRLF injection attacks in mail and HTTP headers
PKSA-t57f-zdqy-25cs CVE-2015-3154 GHSA-5957-5crx-79jx
Affected version: >=1.12.0,<1.12.12
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[CRITICAL] SQL injection vector when manually quoting values for sqlsrv extension, using null byte
PKSA-7r13-9y1m-j63k CVE-2014-8089 GHSA-qh9w-r7g5-q939
Affected version: >=1.12.0,<1.12.9
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Anonymous authentication in ldap_bind() function of PHP, using null byte
PKSA-3shc-t8pf-jqw7 CVE-2014-8088 GHSA-f6rc-rh43-h8gr
Affected version: >=1.12.0,<1.12.9
Reported by:
GitHub, FriendsOfPHP/security-advisories -
Potential SQL injection in the ORDER implementation of Zend_Db_Select
Affected version: >=1.12.0,<1.12.7
Reported by:
FriendsOfPHP/security-advisories -
Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse
Affected version: >=1.12.0,<1.12.4
Reported by:
FriendsOfPHP/security-advisories -
Potential security issue in login mechanism of ZendOpenId and Zend_OpenId consumer
Affected version: >=1.12.0,<1.12.4
Reported by:
FriendsOfPHP/security-advisories -
Potential XML eXternal Entity injection vectors in Zend Framework 1 Zend_Feed component
Affected version: >=1.11.0,<1.11.15|>=1.12.0,<1.12.1
Reported by:
FriendsOfPHP/security-advisories -
Reported by:
FriendsOfPHP/security-advisories -
Local file disclosure via XXE injection in Zend_XmlRpc
Affected version: >=1.0.0,<1.11.13
Reported by:
FriendsOfPHP/security-advisories -
Potential XSS in Development Environment Error View Script
Affected version: >=1.0.0,<1.11.4
Reported by:
FriendsOfPHP/security-advisories -
Potential SQL Injection Vector When Using PDO_MySql
Affected version: >=1.10.0,<1.10.9|>=1.11.0,<1.11.6
Reported by:
FriendsOfPHP/security-advisories -
Potential Security Issues in Bundled Dojo Library
Affected version: >=1.9.0,<1.9.8|>=1.10.0,<1.10.3
Reported by:
FriendsOfPHP/security-advisories -
Potential XSS vector in Zend_Dojo_View_Helper_Editor
Affected version: >=1.7.0,<1.7.9|>=1.8.0,<1.8.5|>=1.9.0,<1.9.7
Reported by:
FriendsOfPHP/security-advisories -
Potential XSS vectors due to inconsistent encodings
Affected version: >=1.9.0,<1.9.7
Reported by:
FriendsOfPHP/security-advisories -
Potential XSS vector in Zend_Service_ReCaptcha_MailHide
Affected version: >=1.7.0,<1.7.9|>=1.8.0,<1.8.5|>=1.9.0,<1.9.7
Reported by:
FriendsOfPHP/security-advisories -
Potential Security Issues in Bundled Dojo Library
Affected version: >=1.7.0,<1.7.9|>=1.8.0,<1.8.5|>=1.9.0,<1.9.7
Reported by:
FriendsOfPHP/security-advisories -
Potential XSS vector in Zend_Filter_StripTags when comments allowed
Affected version: >=1.7.0,<1.7.9|>=1.8.0,<1.8.5|>=1.9.0,<1.9.7
Reported by:
FriendsOfPHP/security-advisories -
Reported by:
FriendsOfPHP/security-advisories -
LFI vector in Zend_View::setScriptPath() and render()
Affected version: >=1.7.0,<1.7.5
Reported by:
FriendsOfPHP/security-advisories