Zend Framework (ZF1) is vulnerable to XML External Entity (XXE) attacks. Using these attacks, it is possible to read files, send HTTP requests to intranet servers and cause denial of service (DoS) conditions though CPU and memory consumption.
framework.zend.com/security/advisory/ZF2012-05
openwall.com/lists/oss-security/2012/12/20/2
openwall.com/lists/oss-security/2012/12/20/4
secunia.com/advisories/51583
www.debian.org/security/2012/dsa-2602
www.mandriva.com/security/advisories?name=MDVSA-2013:115
bugzilla.redhat.com/show_bug.cgi?id=889037
framework.zend.com/security/advisory/ZF2012-05