Vulnerabilities reported against Zend Framework, and recommendations for mitigation
- ZF2013-03: Potential SQL injection due to execution of platform-specific SQL containing interpolations
- ZF2013-02: Potential Information Disclosure and Insufficient Entropy vulnerabilities in Zend\Math\Rand and Zend\Validate\Csrf Components
- ZF2013-01: Route Parameter Injection Via Query String in Zend\Mvc
- ZF2012-05: Potential Proxy Injection Vulnerabilities in Multiple Zend Framework 2 Components
- ZF2012-04: Potential Proxy Injection Vulnerabilities in Multiple Zend Framework 2 Components
- ZF2012-03: Potential XSS Vectors in Multiple Zend Framework 2 Components
- ZF2012-02: Denial of Service vector via XEE injection
- ZF2012-01: Local file disclosure via XXE injection in Zend_XmlRpc
- ZF2011-02: Potential SQL Injection Vector When Using PDO_MySql
- ZF2011-01: Potential XSS in Development Environment Error View Script
- ZF2010-07: Potential Security Issues in Bundled Dojo Library
- ZF2010-06: Potential XSS or HTML Injection vector in Zend_Json
- ZF2010-05: Potential XSS vector in Zend_Service_ReCaptcha_MailHide
- ZF2010-04: Potential MIME-type Injection in Zend_File_Transfer
- ZF2010-03: Potential XSS vector in Zend_Filter_StripTags when comments allowed