
CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 2

16 Mar 2007 — The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called. • https://www.exploit-db.com/exploits/3499 •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

16 Mar 2007 — Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument. • https://www.exploit-db.com/exploits/3488 •

CVSS: 7.5 • EPSS: 1% • CPEs: 63 • EXPL: 0

14 Mar 2007 — The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories. • http://docs.info.apple.com/article.html?artnum=306172 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.8 • EPSS: 1% • CPEs: 76 • EXPL: 0

14 Mar 2007 — The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories. • http://docs.info.apple.com/article.html?artnum=306172 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.1 • EPSS: 1% • CPEs: 1 • EXPL: 0

14 Mar 2007 — ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b. • http://secunia.com/advisories/25056 •

CVSS: 9.1 • EPSS: 1% • CPEs: 17 • EXPL: 1

14 Mar 2007 — The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST. • https://www.exploit-db.com/exploits/3452 •

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 2

14 Mar 2007 — Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer. • https://www.exploit-db.com/exploits/29732 •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

12 Mar 2007 — The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument. • https://www.exploit-db.com/exploits/3442 •

CVSS: 9.8 • EPSS: 1% • CPEs: 2 • EXPL: 4

12 Mar 2007 — Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id). • https://www.exploit-db.com/exploits/3439 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.1 • EPSS: 6% • CPEs: 42 • EXPL: 0

10 Mar 2007 — The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address and Referer data, and have other unspecified impact. NOTE: it could be argued that this is a design limitation of PHP and that only the misuse of this feature, i.e. implementation bugs in applications, ... • http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html •