CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 0CVE-2007-4783
https://notcve.org/view.php?id=CVE-2007-4783
10 Sep 2007 — The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. La función... • http://osvdb.org/38917 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 0CVE-2007-4670 – php malformed cookie handling
https://notcve.org/view.php?id=CVE-2007-4670
05 Sep 2007 — Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285. Vulnerabilidad no especificada en PHP anterior a 5.2.4 tiene un impacto desconocido y vectores de ataque, relacionado con un "parche de mejora para MOPB-03-2007," probablemente una variante de CVE-2007-1285. • http://rhn.redhat.com/errata/RHSA-2007-0889.html •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4663
https://notcve.org/view.php?id=CVE-2007-4663
04 Sep 2007 — Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function. Vulnerabilidad de salto de directorio en PHP versiones anteriores a 5.2.4 permite a atacantes evitar restricciones open_basedir mediante vectores no especificados involucrando la función glob. • http://secunia.com/advisories/26642 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-2007-4661 – php size calculation in chunk_split
https://notcve.org/view.php?id=CVE-2007-4661
04 Sep 2007 — The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872. La función chunk_split en string.c en PHP 5.2.3 no calcula adecuadamente el tamaño de búfer necesario debido a la pérdida de precisión cuando se realizan operaciones de e... • http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.58&r2=1.445.2.14.2.59 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 2%CPEs: 69EXPL: 0CVE-2007-4658 – php money_format format string issue
https://notcve.org/view.php?id=CVE-2007-4658
04 Sep 2007 — The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability. La función money_format en PHP versiones 5 anteriores a 5.2.4, y PHP versiones 4 anteriores a 4.4.8, permite múltiples tokens (1) %i y (2) %n, que tienen un impacto desconocido y vectores de ataque, posiblemente relacionados con una vulnerabilidad de cadena de formato. • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2007-4660
https://notcve.org/view.php?id=CVE-2007-4660
04 Sep 2007 — Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation. Vulnerabilidad sin especificar en la función chunk_split del PHP anterior al 5.2.4, tiene un impacto y unos vectores de ataque desconocidos, relacionado con un cálculo de tamaño incorrecto. • http://secunia.com/advisories/26642 • CWE-399: Resource Management Errors •
CVSS: 9.1EPSS: 2%CPEs: 8EXPL: 0CVE-2007-4657
https://notcve.org/view.php?id=CVE-2007-4657
04 Sep 2007 — Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996. Múltiples desbordamientos de entero en PHP 4 anterior a 4.4.8, y PHP 5 anterior a 5.2.4, permite a atacantes remotos obtener información sensible (conte... • http://secunia.com/advisories/26642 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2007-4662
https://notcve.org/view.php?id=CVE-2007-4662
04 Sep 2007 — Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors. Desbordamiento de búfer en la función php_openssl_make_REQ de PHP versiones anteriores a 5.2.4 tiene impacto desconocido y vectores de ataque. • http://secunia.com/advisories/26642 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2007-4659 – php zend_alter_ini_entry() memory_limit interruption
https://notcve.org/view.php?id=CVE-2007-4659
04 Sep 2007 — The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors. La función zend_alter_ini_entry de PHP versiones anteriores a 5.2.4 no gestiona apropiadamente una interrupción al flujo de ejecución disparado por una violación memory_limit, que tiene un impacto desconocido y vectores de ataque. • http://secunia.com/advisories/26642 •
CVSS: 7.1EPSS: 0%CPEs: 88EXPL: 1CVE-2007-4652 – PHP 5.2.12/5.3.1 - 'symlink()' open_basedir Bypass
https://notcve.org/view.php?id=CVE-2007-4652
04 Sep 2007 — The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink. La extensión de sesión en PHP versiones anteriores a 5.2.4, podría permitir a usuarios locales omitir las restricciones de open_basedir por medio de un archivo de sesión que representa una vulnerabilidad de tipo symlink. • https://www.exploit-db.com/exploits/10557 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •