CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2007-3998 – php floating point exception inside wordwrap
https://notcve.org/view.php?id=CVE-2007-3998
04 Sep 2007 — The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set. La función wordwrap del PHP 4 anterior al 4.4.8 y el PHP 5 anterior al 5.2.4, no utiliza correctamente la variable breakcharlen, lo que permite a atacantes remotos provocar una denegación de servici... • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 8.4EPSS: 45%CPEs: 2EXPL: 3CVE-2007-3997 – PHP 4.4.7/5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass
https://notcve.org/view.php?id=CVE-2007-3997
04 Sep 2007 — The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE. Las extensiones (1) MySQL y (2) MySQLi en PHP 4 anterior a 4.4.8, y PHP 5 anterior a 5.2.4, permite a atacantes remotos evitar las restricciones safe_mode y open_basedir a través de operaciones MySQL LOCAL INFILE, como se demostró con un consulta con LOAD DATA ... • https://www.exploit-db.com/exploits/4392 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 0CVE-2007-3996 – php multiple integer overflows in gd
https://notcve.org/view.php?id=CVE-2007-3996
04 Sep 2007 — Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function. Múltiples desbordamientos de búfer en libgd de PHP versiones anteriores a 5.2.4 permiten a atacantes remotos provocar una denegación de servicio (caí... • http://bugs.gentoo.org/show_bug.cgi?id=201546 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-4586 – PHP 5.2.0 (Windows x86) - 'PHP_iisfunc.dll' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-4586
29 Aug 2007 — Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iis_getservicestate function, related to the ServiceId argument to the (1) fnStartService, (2) fnGetServiceState, (3) fnStopService, and possibly other functions. Múltiples desbordamientos de búfer en php_iisfunc.dll de la extensión iisfunc para PHP 5.2.0 y... • https://www.exploit-db.com/exploits/4318 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-4507 – PHP 5.2.3 - PHP_ntuser ntuser_getuserlist() Local Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-4507
23 Aug 2007 — Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions. Múltiples desbordamientos de búfer en el componente php_ntuser para PHP 5.2.3 permite a atacantes locales o remotos (dependiendo del contexto) provocar una denegación de servicio o ejecutar código de su elecció... • https://www.exploit-db.com/exploits/4304 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2007-4441 – PHP 5.2.3 - 'PHP_win32sti' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-4441
21 Aug 2007 — Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function. Desbordamiento de búfer en php_win32std.dll en la extensión win32std para PHP 5.2.0 y anteriores permite a atacantes dependientes del contexto ejecutar código de su elección a través de una cadena larga en el argumento nombre de archivo (filename) en la función win_browse_file. • https://www.exploit-db.com/exploits/4303 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2007-4255 – PHP mSQL (msql_connect) - Local Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-4255
08 Aug 2007 — Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function. Desbordamiento de búfer en la extensión mSQL para PHP 5.2.3 permite a atacantes dependientes del contexto ejecutar código de su elección mediante un primer argumento largo a la función msql_connect. • https://www.exploit-db.com/exploits/4260 •
CVSS: 9.8EPSS: 9%CPEs: 2EXPL: 3CVE-2007-4033 – T1lib - 'intT1_Env_GetCompletePath' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-4033
27 Jul 2007 — Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3. Un desbordamiento de búfer en la función intTT1_EnvGetCompletePath en el archivo lib/t1lib/t1env.c en t1lib versión 5.1.1, permite a atacantes dependiendo del contexto ejecutar código arbit... • https://www.exploit-db.com/exploits/30401 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 2CVE-2007-4010 – PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass
https://notcve.org/view.php?id=CVE-2007-4010
26 Jul 2007 — The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function. La extensión win32std en el PHP 5.2.3 no sigue las restricciones del safe_mode y el disable_functions, lo que permite a atacantes remotos ejecutar comandos de su elección a través de la función win_shell_execute. • https://www.exploit-db.com/exploits/4218 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2007-3806 – PHP 5.2.3 - 'glob()' Denial of Service
https://notcve.org/view.php?id=CVE-2007-3806
17 Jul 2007 — The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure. La función glob en PHP versión 5.2.3, permite a atacantes dependiendo del contexto causar una denegación de servicio y posiblemente ejecutar código arbitrario por medio de un valor no válido... • https://www.exploit-db.com/exploits/4181 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •