FreeBSD : Zend Framework -- multiple vulnerabilities (c9263916-006f-11df-94cb-0050568452ac)

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Zend Framework team reports :

Potential XSS or HTML Injection vector in Zend_Json.

Potential XSS vector in Zend_Service_ReCaptcha_MailHide.

Potential MIME-type Injection in Zend_File_Transfer Executive Summary.

Potential XSS vector in Zend_Filter_StripTags when comments allowed.

Potential XSS vector in Zend_Dojo_View_Helper_Editor.

Potential XSS vectors due to inconsistent encodings.

XSS vector in Zend_Filter_StripTags.

LFI vector in Zend_View::setScriptPath() and render().

See also :

http://framework.zend.com/security/advisory/ZF2010-06
http://framework.zend.com/security/advisory/ZF2010-05
http://framework.zend.com/security/advisory/ZF2010-04
http://framework.zend.com/security/advisory/ZF2010-03
http://framework.zend.com/security/advisory/ZF2010-02
http://framework.zend.com/security/advisory/ZF2010-01
http://framework.zend.com/security/advisory/ZF2009-02
http://framework.zend.com/security/advisory/ZF2009-01
http://www.nessus.org/u?90cf70e0

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 43879 (freebsd_pkg_c9263916006f11df94cb0050568452ac.nasl)

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now