CVE-2015-0270
https://notcve.org/view.php?id=CVE-2015-0270
Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has a potential SQL injection vulnerability in the PostgreSQL Zend\Db adapter. • https://framework.zend.com/security/advisory/ZF2015-02 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-1000841
https://notcve.org/view.php?id=CVE-2018-1000841
Zend.To versions prior to 5.15-1 contain a Cross Site Scripting (XSS) vulnerability in the verify.php page that can result in an attacker executing arbitrary JavaScript code in the context of the victim's browser. This attack appears to be exploitable via an HTTP POST request. This vulnerability appears to have been fixed in 5.16-1 Beta. • https://zend.to/changelog.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-10230
https://notcve.org/view.php?id=CVE-2018-10230
Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455. • https://www.synacktiv.com/ressources/zend_server_9_1_3_xss.pdf https://www.zend.com/en/products/server/release-notes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-7503
https://notcve.org/view.php?id=CVE-2015-7503
Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key. • https://bugzilla.redhat.com/show_bug.cgi?id=1283137 https://framework.zend.com/security/advisory/ZF2015-10 • CWE-320: Key Management Errors
CVE-2015-3257
https://notcve.org/view.php?id=CVE-2015-3257
Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks. • http://www.securityfocus.com/bid/75466 https://framework.zend.com/security/advisory/ZF2015-05 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')