Zend Platform vulnerabilities
4 known vulnerabilities affecting zend/zend_platform.
Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 2
Vulnerabilities
CVE-2007-1369 | P4 | MEDIUM | CVSS 4.4 | PoC | ≤ 2.2.3 | 2007-03-09
ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc.
nvd
CVE-2006-4431 | P4 | HIGH | CVSS 7.5 | CWE-119 | ≤ 2.2.1a | 2006-08-29
Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a (1) empty or (2) crafted PHP session identifier (PHPSESSID).
nvd
CVE-2006-4432 | P4 | HIGH | CVSS 7.5 | ≤ 2.2.1a | 2006-08-29
Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection.
nvd
CVE-2007-1370 | P4 | MEDIUM | CVSS 6.2 | v2.2.1a | 2007-03-09
Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities.
nvd