Zend » Zend Platform : Security Vulnerabilities, CVEs, Published In 2006 CVSS score >= 4
Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection.
Max CVSS
7.5
EPSS Score
0.51%
Published
2006-08-29
Updated
2018-10-17
Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a (1) empty or (2) crafted PHP session identifier (PHPSESSID).
Max CVSS
7.5
EPSS Score
13.06%
Published
2006-08-29
Updated
2018-10-17
2 vulnerabilities found