CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2007-1710
https://notcve.org/view.php?id=CVE-2007-1710
27 Mar 2007 — The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a "php://../../" sequence. La función readfile de PHP 4.4.4, 5.1.6, Y 5.2.1 permite a usuarios locales o remotos dependiendo del contexto evitar las restricciones del modo seguro (safe_mode) y leer archivos de su elección haciendo referencia a... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506 •
CVSS: 9.8EPSS: 2%CPEs: 72EXPL: 2CVE-2007-1700 – PHP < 4.4.5/5.2.1 - '_SESSION unset()' Local Overflow
https://notcve.org/view.php?id=CVE-2007-1700
27 Mar 2007 — The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable. La extensión session de PHP 4 anterior a 4.4.5, y PHP 5 anterior a 5.2.1, calcula la cuenta de referencia para las v... • https://www.exploit-db.com/exploits/3571 •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 1CVE-2007-1711 – PHP 4.4.5/4.4.6 - 'session_decode()' Double-Free (PoC)
https://notcve.org/view.php?id=CVE-2007-1711
27 Mar 2007 — Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701 (MOPB-31-2007). Una vulnerabilidad de doble liberación (Double Free) en la deserialización en PHP versiones 4.4.5 y 4.4.6 permite a los atacantes dependiendo del contexto ejecutar código arbitrario mediante la sobre... • https://www.exploit-db.com/exploits/3586 •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 1CVE-2007-1701 – PHP < 4.4.5/5.2.1 - '_SESSION' Deserialization Overwrite
https://notcve.org/view.php?id=CVE-2007-1701
27 Mar 2007 — PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:". PHP 4 anterior a 4.4.5, y PHP 5 anterior a 5.2.1, cuando register_globals está activado, permiten a atacantes locales o remotos dependiendo del contexto ejecutar código de su elección mediante una deseria... • https://www.exploit-db.com/exploits/3572 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-1709 – PHP 5.2.1 with PECL PHPDOC - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-1709
27 Mar 2007 — Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string. Desbordamiento de búfer en la función confirm_phpdoc_compiled de la extensión phpDOC (PECL phpDOC) de PHP 5.2.1 permite a atacantes locales o remotos dependiendo del contexto ejecutar código de su elección mediante una cadena larga como argumento. • https://www.exploit-db.com/exploits/3576 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2007-1649 – PHP 5.2.1 - 'Unserialize()' Local Information Leak
https://notcve.org/view.php?id=CVE-2007-1649
24 Mar 2007 — PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed. PHP 5.2.1 permite a atacantes depedientes del contexto leer porciones de la cabecera de memoria a través de la ejecución de ciertos scripts con datos de entrada serializados que comienzan con S:, lo cual no sigue adecuadamente el número de entradas de bytes que han sido procesa... • https://www.exploit-db.com/exploits/3559 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2007-1584 – PHP 5.2.0 (OSX) - 'header()' Space Trimming Buffer Underflow
https://notcve.org/view.php?id=CVE-2007-1584
21 Mar 2007 — Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string. Desbordamiento de búfer en la función header en PHP 5.2.0 permite a atacantes dependientes de contexto ejecutar código de su elección pasando una cadena rellena con espacios en blanco, lo cual provoca que escriba caracteres '\0' en espacios en blanco que preceden... • https://www.exploit-db.com/exploits/3517 •
CVSS: 9.8EPSS: 1%CPEs: 33EXPL: 4CVE-2007-1581 – PHP 5.2.1 - 'hash_update_file()' Freed Resource Usage
https://notcve.org/view.php?id=CVE-2007-1581
21 Mar 2007 — The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 are also affected. El sistema de recursos de PHP versión 5.0.0 hasta 5.2.1 permite a los atacantes dependiendo del contexto ejecutar código arbitrario mediante la int... • https://www.exploit-db.com/exploits/3529 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 1%CPEs: 75EXPL: 1CVE-2007-1582 – PHP 4.4.6/5.2.1 - ext/gd Already Freed Resources Usage
https://notcve.org/view.php?id=CVE-2007-1582
21 Mar 2007 — The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources. El sistema de recursos en PHP 4.0.0 hasta 4.4.6 y 5.0.0 hasta 5.2.1 permite a atacante dependientes del contexto ejecutar código de su elección mediante interrupciones en ciertas funciones de l... • https://www.exploit-db.com/exploits/3525 •
CVSS: 9.1EPSS: 74%CPEs: 75EXPL: 1CVE-2007-1583 – PHP 5.1.6 - Mb_Parse_Str Function Register_Globals Activation
https://notcve.org/view.php?id=CVE-2007-1583
21 Mar 2007 — The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation. La función mb_parse_str del PHP 4.0.0 hasta la 4.4.6 y de la 5.0.0 hasta la 5.2.1 establece la bandera interna del registro global y no ... • https://www.exploit-db.com/exploits/29752 •