CVSS: 7.5EPSS: 0%CPEs: 59EXPL: 0CVE-2012-6532
https://notcve.org/view.php?id=CVE-2012-6532
13 Feb 2013 — (1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. (1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, y (4) Zend_XmlRpc en Zend Framework v1.x antes de v1.11.13 y antes v1.12.0 1.12.x de permitir a atacantes remotos provocar una denegac... • http://framework.zend.com/security/advisory/ZF2012-02 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 61EXPL: 2CVE-2009-4417
https://notcve.org/view.php?id=CVE-2009-4417
24 Dec 2009 — The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed." La función shutdown en la clase Zend_Log_Writer_Mail en Zend Framework (ZF) permite a atacantes dependientes del contexto enviar mensajes e-mail de su lección a varias direcciones a través de vectores relacionados con "events not yet mailed." • http://www.sektioneins.de/en/advisories/advisory-032009-piwik-cookie-unserialize-vulnerability • CWE-264: Permissions, Privileges, and Access Controls •