CVSS: 9.8EPSS: 9%CPEs: 2EXPL: 3CVE-2007-4033 – T1lib - 'intT1_Env_GetCompletePath' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-4033
27 Jul 2007 — Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3. Un desbordamiento de búfer en la función intTT1_EnvGetCompletePath en el archivo lib/t1lib/t1env.c en t1lib versión 5.1.1, permite a atacantes dependiendo del contexto ejecutar código arbit... • https://www.exploit-db.com/exploits/30401 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 2CVE-2007-4010 – PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass
https://notcve.org/view.php?id=CVE-2007-4010
26 Jul 2007 — The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function. La extensión win32std en el PHP 5.2.3 no sigue las restricciones del safe_mode y el disable_functions, lo que permite a atacantes remotos ejecutar comandos de su elección a través de la función win_shell_execute. • https://www.exploit-db.com/exploits/4218 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2007-3806 – PHP 5.2.3 - 'glob()' Denial of Service
https://notcve.org/view.php?id=CVE-2007-3806
17 Jul 2007 — The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure. La función glob en PHP versión 5.2.3, permite a atacantes dependiendo del contexto causar una denegación de servicio y posiblemente ejecutar código arbitrario por medio de un valor no válido... • https://www.exploit-db.com/exploits/4181 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 26%CPEs: 69EXPL: 1CVE-2007-3799 – PHP 5.2.3 - EXT/Session HTTP Response Header Injection
https://notcve.org/view.php?id=CVE-2007-3799
16 Jul 2007 — The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207. Una función session_start en ext/session en PHP versiones 4.x hasta 4.4.7 y versiones 5.x hasta 5.2.3... • https://www.exploit-db.com/exploits/30130 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2007-3790 – PHP 5.2.3 - 'bz2 com_print_typeinfo()' Denial of Service
https://notcve.org/view.php?id=CVE-2007-3790
15 Jul 2007 — The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument. La función com_print_typeinfo en la extensión bz2 en PHP 5.2.3 permite a atacantes locales o remotos dependientes del contexto provocar una denegación de servicio mediante un argumento largo. • https://www.exploit-db.com/exploits/4175 •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 3CVE-2007-3378
https://notcve.org/view.php?id=CVE-2007-3378
29 Jun 2007 — The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess. Las funciones (1) session_save_path, (2) ini_set y (3) error_log en PHP versión 4.4.7 y versiones anteriores, y PHP versión 5 5.2.3 y versiones anteriores,... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-3294 – PHP 5.2.3 'Tidy' Extension - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-3294
20 Jun 2007 — Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf. Múltiples desbordamientos de búfer en libtidy, como es usado en la extensión Tidy para PHP versión 5.2.... • https://www.exploit-db.com/exploits/4080 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 25%CPEs: 17EXPL: 1CVE-2007-2872 – PHP 5.1.6 - 'Chunk_Split()' Integer Overflow
https://notcve.org/view.php?id=CVE-2007-2872
04 Jun 2007 — Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments. Los múltiples desbordamientos de enteros en la función chunk_split en PHP versión 5 anterior a 5.2.3 y PHP versión 4 anterior a 4.4.8, permiten a los atacantes remotos causar una denegación de servicio (bloqueo) o ejecutar código arbitrario por medio de los argument... • https://www.exploit-db.com/exploits/30117 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2007-3007
https://notcve.org/view.php?id=CVE-2007-3007
04 Jun 2007 — PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function. PHP versión 5 anterior a 5.2.3 no aplica la restricción open_basedir o safe_mode en ciertos casos, lo que permite a los atacantes dependiendo del contexto determinar la presencia de archivos arbitrarios mediante la ... • http://bugs.php.net/bug.php?id=41492 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 2CVE-2007-0448 – PHP 5.2 - FOpen 'Safe_mode' Restriction Bypass
https://notcve.org/view.php?id=CVE-2007-0448
24 May 2007 — The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI. La función fopen del PHP 5.2.0 no maneja adecuadamente agentes URI inválidos, lo que permite a atacantes dependientes del contexto evitar las restricciones del modo seguro y leer ficheros de su elección a través de la especificación de una ruta de fic... • https://www.exploit-db.com/exploits/29528 •