CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2007-5128
https://notcve.org/view.php?id=CVE-2007-5128
27 Sep 2007 — SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows. SimpNews 2.41.03 en Windows, al utilizar PHP anterior a 5.0.0, permite a atacantes remotos obtener información sensible mediante cierto parámetro link_date a events.php, lo cual revela la ruta en un mensaje de error debido a un tip... • http://forum.boesch-it.de/viewtopic.php?t=2791 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2007-4889
https://notcve.org/view.php?id=CVE-2007-4889
14 Sep 2007 — The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997. La extensión MySQL de PHP 5.2.4 y versiones anteriores permite a atacantes remotos evitar las restricciones safe_mode y open_basedir mediante las funciones MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, y (3) INTO OUTFILE, asunto diferente de CVE-2007-3997. • http://securityreason.com/securityalert/3134 •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2007-4887
https://notcve.org/view.php?id=CVE-2007-4887
14 Sep 2007 — The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability. La función dl en PHP 5.2.4 y versiones anteriores permite a atacantes locales o remotos dependientes del contexto provocar una denegación de servicio (caída de aplicación) mediante una cadena larga en el parámetro library. NOTA. Existen escenarios de uso limit... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4840
https://notcve.org/view.php?id=CVE-2007-4840
12 Sep 2007 — PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. PHP 5.2.4 y anteriores permite a usu... • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4825
https://notcve.org/view.php?id=CVE-2007-4825
12 Sep 2007 — Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function. Vulnerabilidad de salto de directorio en PHP 5.2.4 y anteriores permite a los atacantes evitar restricciones open_basedir y posiblemente ejecutar código de su elección mediante un .. (punto punto) en la función dl. • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 1CVE-2007-4782 – php crash in glob() and fnmatch() functions
https://notcve.org/view.php?id=CVE-2007-4782
10 Sep 2007 — PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. ... • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4783
https://notcve.org/view.php?id=CVE-2007-4783
10 Sep 2007 — The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. La función... • http://osvdb.org/38917 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4784
https://notcve.org/view.php?id=CVE-2007-4784
10 Sep 2007 — The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution. La función setlocale en PHP anterior 5.2.4 permite a atacantes dependientes del contexto provocar denegación de servicio (caida de aplicación) a través de una cadena larga en el par... • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2007-4670 – php malformed cookie handling
https://notcve.org/view.php?id=CVE-2007-4670
05 Sep 2007 — Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285. Vulnerabilidad no especificada en PHP anterior a 5.2.4 tiene un impacto desconocido y vectores de ataque, relacionado con un "parche de mejora para MOPB-03-2007," probablemente una variante de CVE-2007-1285. • http://rhn.redhat.com/errata/RHSA-2007-0889.html •
CVSS: 9.1EPSS: 2%CPEs: 8EXPL: 0CVE-2007-4657
https://notcve.org/view.php?id=CVE-2007-4657
04 Sep 2007 — Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996. Múltiples desbordamientos de entero en PHP 4 anterior a 4.4.8, y PHP 5 anterior a 5.2.4, permite a atacantes remotos obtener información sensible (conte... • http://secunia.com/advisories/26642 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •