CVE-2007-5128
https://notcve.org/view.php?id=CVE-2007-5128
SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows. SimpNews 2.41.03 en Windows, al utilizar PHP anterior a 5.0.0, permite a atacantes remotos obtener información sensible mediante cierto parámetro link_date a events.php, lo cual revela la ruta en un mensaje de error debido a un tipo de argumento no soportado por la función mktime en Windows. • http://forum.boesch-it.de/viewtopic.php?t=2791 http://securityreason.com/securityalert/3174 http://www.netvigilance.com/advisory0068 http://www.securityfocus.com/archive/1/480588/100/0/threaded • CWE-20: Improper Input Validation •
CVE-2007-4889
https://notcve.org/view.php?id=CVE-2007-4889
The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997. La extensión MySQL de PHP 5.2.4 y versiones anteriores permite a atacantes remotos evitar las restricciones safe_mode y open_basedir mediante las funciones MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, y (3) INTO OUTFILE, asunto diferente de CVE-2007-3997. • http://securityreason.com/securityalert/3134 http://www.securityfocus.com/archive/1/479082/100/0/threaded http://www.securityfocus.com/archive/1/479187/100/200/threaded http://www.securityfocus.com/archive/1/479189/100/200/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/36555 •
CVE-2007-4887
https://notcve.org/view.php?id=CVE-2007-4887
The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability. La función dl en PHP 5.2.4 y versiones anteriores permite a atacantes locales o remotos dependientes del contexto provocar una denegación de servicio (caída de aplicación) mediante una cadena larga en el parámetro library. NOTA. Existen escenarios de uso limitado bajo los cuales esto sería una vulnerabilidad. • http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/27102 http://secunia.com/advisories/27659 http://secunia.com/advisories/28750 http://secunia.com/advisories/29420 http://secunia.com/advisories/30040 http://securityreason.com/securityalert/3133 http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242 http: • CWE-20: Improper Input Validation •
CVE-2007-4840
https://notcve.org/view.php?id=CVE-2007-4840
PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. PHP 5.2.4 y anteriores permite a usuarios locales o remotos dependiendo del contexto provocar una denegación de serviciO (caída de aplicación) mediante (1) una cadena larga en el parámetro out_charset para la función iconf; o una cadena larga en el parámetro charset para las funciones (2) iconv_mime_decode_headers, (3) iconv_mime_decode, o (4) iconf_strlen. NOTA: esto no podrían ser una vulnerabilidad en la mayoría de los entornos de servidor web que soportan múltiples hilos, a no ser que se pueda demostrar que estos problemas permiten ejecución de código. • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://osvdb.org/38916 http://secunia.com/advisories/27102 http://secunia.com/advisories/27659 http://secunia.com/advisories/28658 http://secunia.com/advisories/30040 http://securityreason.com/securityalert/3122 http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242 http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml http://www.securityfocus.com/archive/1/478730/100/0/threaded http://www.securi • CWE-20: Improper Input Validation •
CVE-2007-4825
https://notcve.org/view.php?id=CVE-2007-4825
Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function. Vulnerabilidad de salto de directorio en PHP 5.2.4 y anteriores permite a los atacantes evitar restricciones open_basedir y posiblemente ejecutar código de su elección mediante un .. (punto punto) en la función dl. • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://osvdb.org/45902 http://secunia.com/advisories/27102 http://secunia.com/advisories/28658 http://securityreason.com/securityalert/3119 http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml http://www.php.net/ChangeLog-5.php#5.2.5 http://www.php.net/releases/5_2_5.php http://www.securityfocus.com/archive/1/478985/100/0/threaded http://www.securityfocus.com/archive/1/478988/100 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •