RSS   Vulnerabilities for 'Framework'   RSS

2011-09-23
 
CVE-2011-3825

CWE-200
 

 
Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Validate.php and certain other files.

 
2009-12-24
 
CVE-2009-4417

CWE-264
 

 
The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed."

 

 >>> Vendor: ZEND 23 Products
Server
Zend platform
Zend google data client library preview
Zend framework preview
Engine
Framework
Zend server
Zend framework
Zendto
Zend openid
Zendopenid
Zendrest
Zendservice amazon
Zendservice api
Zendservice audioscrobbler
Zendservice nirvanix
Zendservice slideshare
Zendservice technorati
Zendservice windowsazure
Zend-cache
Zf-apigility-doctrine
Zend-mail
Diactoros


Copyright 2024, cxsecurity.com

 

Back to Top