Download
| Alert*
|
oval:org.secpod.oval:def:104493
Extending the art & spirit of PHP, Zend Framework is based on simplicity, object-oriented best practices, corporate friendly licensing, and a rigorously tested agile code base. Zend Framework is focused on building more secure, reliable, and modern Web 2.0 applications & web services, and co ... oval:org.secpod.oval:def:104490 Extending the art & spirit of PHP, Zend Framework is based on simplicity, object-oriented best practices, corporate friendly licensing, and a rigorously tested agile code base. Zend Framework is focused on building more secure, reliable, and modern Web 2.0 applications & web services, and co ... oval:org.secpod.oval:def:104484 Extending the art & spirit of PHP, Zend Framework is based on simplicity, object-oriented best practices, corporate friendly licensing, and a rigorously tested agile code base. Zend Framework is focused on building more secure, reliable, and modern Web 2.0 applications & web services, and co ... oval:org.secpod.oval:def:602115 The update for zendframework issued as DSA-3265-1 introduced a regression preventing the use of non-string or non-stringable objects as header values. A fix for this problem is now applied, along with the final patch for CVE-2015-3154. For reference the original advisory text follows. Multiple vulne ... oval:org.secpod.oval:def:602096 Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie. CVE-2014-2681 Lukas Reschke reported a lack of protection against XML External Entity injection attacks in some fun ... oval:org.secpod.oval:def:600939 Yury Dyachenko discovered that Zend Framework uses the PHP XML parser in an insecure way, allowing attackers to open files and trigger HTTP requests, potentially accessing restricted information. oval:org.secpod.oval:def:1600258 The Zend_Feed_Rss and Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service via an XML External Entity attack. |
