CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9129 – Format String Injection in Zend Server
https://notcve.org/view.php?id=CVE-2024-9129
22 Oct 2024 — In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino • https://portal.perforce.com/s/detail/a91PA000001SYZFYA4 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2018-10230
https://notcve.org/view.php?id=CVE-2018-10230
19 Apr 2018 — Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455. Zend Debugger en Zend Server, en versiones anteriores a la 9.1.3, tiene Cross-Site Scripting (XSS). Esto también se conoce como ZSR-2455. • https://www.synacktiv.com/ressources/zend_server_9_1_3_xss.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 2CVE-2012-5382 – IKE and AuthIP IPsec Keyring Modules Service (IKEEXT) - Missing DLL
https://notcve.org/view.php?id=CVE-2012-5382
11 Oct 2012 — Untrusted search path vulnerability in the installation functionality in Zend Server 5.6.0 SP4, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Zend\ZendServer\share\ZendFramework\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2... • https://www.exploit-db.com/exploits/28130 •