CVE-2007-4586 – PHP 5.2.0 (Windows x86) - 'PHP_iisfunc.dll' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-4586
Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iis_getservicestate function, related to the ServiceId argument to the (1) fnStartService, (2) fnGetServiceState, (3) fnStopService, and possibly other functions. Múltiples desbordamientos de búfer en php_iisfunc.dll de la extensión iisfunc para PHP 5.2.0 y anteriores permite a atacantes locales o remotos (dependiendo del contexto) ejecutar código de su elección, probablemente durante una conversión Unicode, como se ha demostrado con una cadena larga en el primer argumento para la función iis_getservicestate, relacionado con el argumento ServideId para las funciones (1) fnStartService, (2) fnGetServiceState, (3) fnStopService, y posiblemente otras. • https://www.exploit-db.com/exploits/4318 http://www.securityfocus.com/bid/25452 https://exchange.xforce.ibmcloud.com/vulnerabilities/36262 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-4441 – PHP 5.2.3 - 'PHP_win32sti' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-4441
Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function. Desbordamiento de búfer en php_win32std.dll en la extensión win32std para PHP 5.2.0 y anteriores permite a atacantes dependientes del contexto ejecutar código de su elección a través de una cadena larga en el argumento nombre de archivo (filename) en la función win_browse_file. • https://www.exploit-db.com/exploits/4303 https://www.exploit-db.com/exploits/4302 https://www.exploit-db.com/exploits/4293 http://www.securityfocus.com/bid/25414 https://exchange.xforce.ibmcloud.com/vulnerabilities/36118 •
CVE-2007-2872 – PHP 5.1.6 - 'Chunk_Split()' Integer Overflow
https://notcve.org/view.php?id=CVE-2007-2872
Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments. Los múltiples desbordamientos de enteros en la función chunk_split en PHP versión 5 anterior a 5.2.3 y PHP versión 4 anterior a 4.4.8, permiten a los atacantes remotos causar una denegación de servicio (bloqueo) o ejecutar código arbitrario por medio de los argumentos (1) chunks, (2) srclen, y (3) chunklen. • https://www.exploit-db.com/exploits/30117 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501 http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://osvdb.org/36083 http://rhn.redhat.com/errata/RHSA-2007-0889.html http://secunia.com/advisories/25456 http://secunia.com/advisories/25535 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2007-2748
https://notcve.org/view.php?id=CVE-2007-2748
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375. La función substr_count en PHP 5.2.1 y versiones anteriores permite a atacantes locales o remotos dependientes del contexto obtener información confidencial mediante vectores no especificados, una función afectada distinta de CVE-2007-1375. • http://osvdb.org/34730 http://secunia.com/advisories/26895 http://us2.php.net/releases/5_2_2.php http://www.attrition.org/pipermail/vim/2007-May/001621.html http://www.mandriva.com/security/advisories?name=MDKSA-2007:187 http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.securityfocus.com/bid/24012 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2007-1864 – php libxmlrpc library overflow
https://notcve.org/view.php?id=CVE-2007-1864
Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors. Desbordamiento de búfer en la librería libxmlrpc incluida en PHP anterior a 4.4.7, y 5.x anterior a 5.2.2, tiene impacto y vectores de ataque remotos desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html http://osvdb.org/34674 http://secunia.com/advisories/25187 http://secunia.com/advisories/25191 http://secunia.com/advisories/25255 http://secunia.com/advisories/25445 http://secunia.com/advisories/25660 http://secunia.com/advisories/25938 http://secunia.com/advisories/25945 http://secunia.com/advisories/26048 http://secunia.com/advisories/26102 http://secunia.com/advisories/27377 http://security.gent • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •