
CVE-2007-1700 – PHP < 4.4.5/5.2.1 - '_SESSION unset()' Local Overflow
https://notcve.org/view.php?id=CVE-2007-1700
27 Mar 2007 — The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable. • https://www.exploit-db.com/exploits/3571 •

CVE-2007-1701 – PHP < 4.4.5/5.2.1 - '_SESSION' Deserialization Overwrite
https://notcve.org/view.php?id=CVE-2007-1701
27 Mar 2007 — PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:". • https://www.exploit-db.com/exploits/3572 • CWE-502: Deserialization of Untrusted Data •

CVE-2007-1582 – PHP 4.4.6/5.2.1 - ext/gd Already Freed Resources Usage
https://notcve.org/view.php?id=CVE-2007-1582
21 Mar 2007 — The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources. • https://www.exploit-db.com/exploits/3525 •

CVE-2007-1583 – PHP 5.1.6 - Mb_Parse_Str Function Register_Globals Activation
https://notcve.org/view.php?id=CVE-2007-1583
21 Mar 2007 — The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation. • https://www.exploit-db.com/exploits/29752 •

CVE-2007-1521 – PHP 5.2.1 - 'session_regenerate_id()' Double-Free
https://notcve.org/view.php?id=CVE-2007-1521
20 Mar 2007 — Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation. • https://www.exploit-db.com/exploits/3479 •

CVE-2007-1484 – PHP 4.4.6/5.2.1 - 'array_user_key_compare()' ZVAL dtor Local Overflow
https://notcve.org/view.php?id=CVE-2007-1484
16 Mar 2007 — The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called. • https://www.exploit-db.com/exploits/3499 •

CVE-2007-1475 – PHP 4.4.6 - 'ibase_connect()' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-1475
16 Mar 2007 — Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument. • https://www.exploit-db.com/exploits/3488 •

CVE-2007-1460
https://notcve.org/view.php?id=CVE-2007-1460
14 Mar 2007 — The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories. • http://docs.info.apple.com/article.html?artnum=306172 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2007-1461
https://notcve.org/view.php?id=CVE-2007-1461
14 Mar 2007 — The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories. • http://docs.info.apple.com/article.html?artnum=306172 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2007-1413 – PHP 4.4.6 - 'snmpget()' Object id Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-1413
12 Mar 2007 — Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id). • https://www.exploit-db.com/exploits/3439 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •