CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2007-4659 – php zend_alter_ini_entry() memory_limit interruption
https://notcve.org/view.php?id=CVE-2007-4659
04 Sep 2007 — The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors. La función zend_alter_ini_entry de PHP versiones anteriores a 5.2.4 no gestiona apropiadamente una interrupción al flujo de ejecución disparado por una violación memory_limit, que tiene un impacto desconocido y vectores de ataque. • http://secunia.com/advisories/26642 •
CVSS: 7.1EPSS: 0%CPEs: 88EXPL: 1CVE-2007-4652 – PHP 5.2.12/5.3.1 - 'symlink()' open_basedir Bypass
https://notcve.org/view.php?id=CVE-2007-4652
04 Sep 2007 — The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink. La extensión de sesión en PHP versiones anteriores a 5.2.4, podría permitir a usuarios locales omitir las restricciones de open_basedir por medio de un archivo de sesión que representa una vulnerabilidad de tipo symlink. • https://www.exploit-db.com/exploits/10557 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2007-3998 – php floating point exception inside wordwrap
https://notcve.org/view.php?id=CVE-2007-3998
04 Sep 2007 — The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set. La función wordwrap del PHP 4 anterior al 4.4.8 y el PHP 5 anterior al 5.2.4, no utiliza correctamente la variable breakcharlen, lo que permite a atacantes remotos provocar una denegación de servici... • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 8.4EPSS: 45%CPEs: 2EXPL: 3CVE-2007-3997 – PHP 4.4.7/5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass
https://notcve.org/view.php?id=CVE-2007-3997
04 Sep 2007 — The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE. Las extensiones (1) MySQL y (2) MySQLi en PHP 4 anterior a 4.4.8, y PHP 5 anterior a 5.2.4, permite a atacantes remotos evitar las restricciones safe_mode y open_basedir a través de operaciones MySQL LOCAL INFILE, como se demostró con un consulta con LOAD DATA ... • https://www.exploit-db.com/exploits/4392 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 0CVE-2007-3996 – php multiple integer overflows in gd
https://notcve.org/view.php?id=CVE-2007-3996
04 Sep 2007 — Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function. Múltiples desbordamientos de búfer en libgd de PHP versiones anteriores a 5.2.4 permiten a atacantes remotos provocar una denegación de servicio (caí... • http://bugs.gentoo.org/show_bug.cgi?id=201546 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-4586 – PHP 5.2.0 (Windows x86) - 'PHP_iisfunc.dll' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-4586
29 Aug 2007 — Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iis_getservicestate function, related to the ServiceId argument to the (1) fnStartService, (2) fnGetServiceState, (3) fnStopService, and possibly other functions. Múltiples desbordamientos de búfer en php_iisfunc.dll de la extensión iisfunc para PHP 5.2.0 y... • https://www.exploit-db.com/exploits/4318 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-4528 – PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local Bypass
https://notcve.org/view.php?id=CVE-2007-4528
25 Aug 2007 — The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function. NOTE: this issue does not cross privilege boundaries in most contexts, so perhaps it should not be included in CVE. La extensión Foreign Function Interface (ffi) en PHP 5.0.5 no respeta las restricciones modo_seguro, lo cual permite a ... • https://www.exploit-db.com/exploits/4311 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-4507 – PHP 5.2.3 - PHP_ntuser ntuser_getuserlist() Local Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-4507
23 Aug 2007 — Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions. Múltiples desbordamientos de búfer en el componente php_ntuser para PHP 5.2.3 permite a atacantes locales o remotos (dependiendo del contexto) provocar una denegación de servicio o ejecutar código de su elecció... • https://www.exploit-db.com/exploits/4304 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2007-4441 – PHP 5.2.3 - 'PHP_win32sti' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-4441
21 Aug 2007 — Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function. Desbordamiento de búfer en php_win32std.dll en la extensión win32std para PHP 5.2.0 y anteriores permite a atacantes dependientes del contexto ejecutar código de su elección a través de una cadena larga en el argumento nombre de archivo (filename) en la función win_browse_file. • https://www.exploit-db.com/exploits/4303 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2007-4255 – PHP mSQL (msql_connect) - Local Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-4255
08 Aug 2007 — Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function. Desbordamiento de búfer en la extensión mSQL para PHP 5.2.3 permite a atacantes dependientes del contexto ejecutar código de su elección mediante un primer argumento largo a la función msql_connect. • https://www.exploit-db.com/exploits/4260 •