Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Zend platform'
2007-03-09
CVE-2007-1370
Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities.
CVE-2007-1369
ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc.
2006-08-28
CVE-2006-4432
CWE-Other
Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection.
CVE-2006-4431
CWE-119
Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a (1) empty or (2) crafted PHP session identifier (PHPSESSID).
>>>
Vendor:
ZEND
23
Products
Server
Zend platform
Zend google data client library preview
Zend framework preview
Engine
Framework
Zend server
Zend framework
Zendto
Zend openid
Zendopenid
Zendrest
Zendservice amazon
Zendservice api
Zendservice audioscrobbler
Zendservice nirvanix
Zendservice slideshare
Zendservice technorati
Zendservice windowsazure
Zend-cache
Zf-apigility-doctrine
Zend-mail
Diactoros
Copyright
2024
, cxsecurity.com
Back to Top