CVSS: 9.1EPSS: 1%CPEs: 25EXPL: 2CVE-2008-2107 – PHP 32 bit weak random seed
https://notcve.org/view.php?id=CVE-2008-2107
07 May 2008 — The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed. La macro GENERATE_SEED de PHP 4.x versiones anteriores a la 4.4.8 y 5.x versiones anteriores a la 5.2.5, cuando se ejecuta en sistemas ... • http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 2CVE-2008-2108 – PHP weak 64 bit random seed
https://notcve.org/view.php?id=CVE-2008-2108
07 May 2008 — The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions. La macro GENERATE_SEED de PHP 4.x versiones anteriores a la 4.4.8 y 5.x versiones anteriores a la 5.2.5, cuando se ejecuta en sistemas de 64 bits, realiza un... • http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html • CWE-331: Insufficient Entropy •
CVSS: 10.0EPSS: 70%CPEs: 9EXPL: 1CVE-2008-0599 – php: buffer overflow in a CGI path translation
https://notcve.org/view.php?id=CVE-2008-0599
05 May 2008 — The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. La función init_request_info en sapi/cgi/cgi_main.c en PHP en versiones anteriores a 5.2.6 no considera correctamente la precedencia del operador cuando calcula la longitud de PATH_TRANSLATED, lo que podrían permitir a atacantes remotos ejecutar código arbitrario... • http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12&r2=1.267.2.15.2.50.2.13&diff_format=u • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 10.0EPSS: 3%CPEs: 25EXPL: 1CVE-2008-2050
https://notcve.org/view.php?id=CVE-2008-2050
05 May 2008 — Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors. Desbordamiento de búfer basado en pila en el FastCGI SAPI (fastcgi.c) en PHP en versiones anteriores a 5.2.6 tiene impacto y vectores de ataque desconocidos. • http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44&r2=1.45&diff_format=u • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 25EXPL: 0CVE-2008-2051 – PHP multibyte shell escape flaw
https://notcve.org/view.php?id=CVE-2008-2051
05 May 2008 — The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars." La función escapeshellcmd API en PHP anterior a 5.2.6 tiene impacto desconocido y vectores de ataque dependientes del contexto relacionados con "caracteres multibyte incompletos". • http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2008-1384
https://notcve.org/view.php?id=CVE-2008-1384
27 Mar 2008 — Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions). Desbordamiento de entero en PHP 5.2.5 y versiones anteriores permite a atacantes dependientes del contexto provocar una denegación de servicio y posiblemente... • http://cvs.php.net/viewvc.cgi/php-src/NEWS?revision=1.2027.2.547.2.1120&view=markup • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2008-0145
https://notcve.org/view.php?id=CVE-2008-0145
08 Jan 2008 — Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663. Vulnerabilidad no especificada en glob de PHP versiones anteriores a 4.4.8, cuando open_basedir está habilitado, tiene impacto desconocido y vectores de ataque. NOTA: esta vulnerabilidad existe debido a una regresión relativa a CVE-2007-4663. • http://bugs.php.net/bug.php?id=41655 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.2EPSS: 2%CPEs: 1EXPL: 0CVE-2007-5899 – php session ID leakage
https://notcve.org/view.php?id=CVE-2007-5899
20 Nov 2007 — The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID. La función output_add_rewrite_var en PHP anterior a 5.2.5 rescribe formularios locales en los cuales el atributo ACTION referencia a una URL no local, lo caul permite a atacantes remotos obtener inf... • http://bugs.php.net/bug.php?id=42869 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2007-6039 – PHP 5.2.5 - Multiple GetText functions Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6039
20 Nov 2007 — PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4) dngettext or (5) ngettext function, or (6) the classname parameter to the stream_wrapper_register function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can b... • https://www.exploit-db.com/exploits/30760 • CWE-20: Improper Input Validation •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5900
https://notcve.org/view.php?id=CVE-2007-5900
20 Nov 2007 — PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625. PHP anterior a 5.2.5 permite a usuarios locales evitar mecanismos de protección configurados a través de php_admin_value o php_admin_flag en httpd.conf con la utilización de ini_set para modificar variables de configuración de su elección, un asunto diferente que CVE-2006-4625... • http://bugs.php.net/bug.php?id=41561 • CWE-264: Permissions, Privileges, and Access Controls •