CVSS: 6.8EPSS: 35%CPEs: 17EXPL: 1CVE-2007-2872 – PHP 5.1.6 - 'Chunk_Split()' Integer Overflow
https://notcve.org/view.php?id=CVE-2007-2872
Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments. Los múltiples desbordamientos de enteros en la función chunk_split en PHP versión 5 anterior a 5.2.3 y PHP versión 4 anterior a 4.4.8, permiten a los atacantes remotos causar una denegación de servicio (bloqueo) o ejecutar código arbitrario por medio de los argumentos (1) chunks, (2) srclen, y (3) chunklen. • https://www.exploit-db.com/exploits/30117 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501 http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://osvdb.org/36083 http://rhn.redhat.com/errata/RHSA-2007-0889.html http://secunia.com/advisories/25456 http://secunia.com/advisories/25535 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 3%CPEs: 73EXPL: 0CVE-2007-2844
https://notcve.org/view.php?id=CVE-2007-2844
PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access. PHP 4.x y 5.x anterior al 5.2.1, cuando corre bajo sistemas multi-hilo, no asegura la seguridad de los hilos para las llamadas a la función libc crypt utilizando esquemas de protección como el mutex, lo que provoca una condición de carrera que permite a atacantes remotos sobrescribir la memoria de programa interna y obtener acceso al sistema. • http://blog.php-security.org/archives/82-Suhosin-0.9.20-and-crypt-Thread-Safety-Vulnerability.html http://osvdb.org/36088 http://secunia.com/advisories/25434 http://www.securityfocus.com/bid/24109 https://exchange.xforce.ibmcloud.com/vulnerabilities/34601 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2748
https://notcve.org/view.php?id=CVE-2007-2748
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375. La función substr_count en PHP 5.2.1 y versiones anteriores permite a atacantes locales o remotos dependientes del contexto obtener información confidencial mediante vectores no especificados, una función afectada distinta de CVE-2007-1375. • http://osvdb.org/34730 http://secunia.com/advisories/26895 http://us2.php.net/releases/5_2_2.php http://www.attrition.org/pipermail/vim/2007-May/001621.html http://www.mandriva.com/security/advisories?name=MDKSA-2007:187 http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.securityfocus.com/bid/24012 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.6EPSS: 2%CPEs: 59EXPL: 0CVE-2007-2509 – php CRLF injection
https://notcve.org/view.php?id=CVE-2007-2509
CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands. Vulnerabilidad de inyección de retornos de carro y saltos de línea en la función ftp_putcmd de PHP versiones anteriores a 4.4.7, y 5.x anteriores a 5.2.2 permite a atacantes remotos inyectar comandos FTP de su elección mediante secuencias de retornos de carro y saltos de línea en los parámetros de los susodichos comandos FTP. • http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html http://rhn.redhat.com/errata/RHSA-2007-0889.html http://secunia.com/advisories/25187 http://secunia.com/advisories/25191 http://secunia.com/advisories/25255 http://secunia.com/advisories/25318 http://secunia.com/advisories/25365 http://secunia.com/advisories/25372 http://secunia.com/advisories/25445 http://secunia.com/advisories/25660 http://secunia.com/advisories/26048 http://secunia.com/advisories/2 • CWE-20: Improper Input Validation •
CVSS: 5.1EPSS: 2%CPEs: 59EXPL: 0CVE-2007-2510 – php make_http_soap_request flaw
https://notcve.org/view.php?id=CVE-2007-2510
Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters. Desbordamiento de búfer en la función make_http_soap_request de PHP anterior a 5.2.2 tiene impacto y vectores de ataque remotos desconocidos, posiblemente relacionados con caracteres "/" (barra o slash). • http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html http://osvdb.org/34675 http://secunia.com/advisories/25187 http://secunia.com/advisories/25191 http://secunia.com/advisories/25255 http://secunia.com/advisories/25318 http://secunia.com/advisories/25372 http://secunia.com/advisories/25445 http://secunia.com/advisories/26048 http://security.gentoo.org/glsa/glsa-200705-19.xml http://us2.php.net/releases/5_2_2.php http://viewcvs.php.net/viewvc& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •