Page 64 of 347 results (0.012 seconds)

CVSS: 6.8EPSS: 10%CPEs: 1EXPL: 3

CVE-2007-1411 – PHP 4.4.6 - 'mssql_[p]connect()' Local Buffer Overflow

https://notcve.org/view.php?id=CVE-2007-1411

Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions. Desbordamiento de búfer en PHP 4.4.6 y versiones anteriores, y versiones no especificadas de PHP 5, permite a usuarios locales y posiblemente remotos ejecutar código de su elección mediante argumentos de nombre de servidor larga en las funciones (1) mssql_connect y (2) mssql_pconnect. • https://www.exploit-db.com/exploits/3417 http://retrogod.altervista.org/php_446_mssql_connect_bof.html http://secunia.com/advisories/24353 http://securityreason.com/securityalert/2407 http://www.securityfocus.com/archive/1/462010/100/0/threaded http://www.securityfocus.com/bid/22832 http://www.vupen.com/english/advisories/2007/0867 https://exchange.xforce.ibmcloud.com/vulnerabilities/32885 •

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 2

CVE-2007-1375 – PHP 5.2.1 - 'substr_compare()' Information Leak

https://notcve.org/view.php?id=CVE-2007-1375

Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991. Desbordamiento de enteros en la función substr_compare en PHP 5.2.1 y anteriores permite a atacantes dependientes del contexto leer memoria sensible a través de un valor en el argumento length, un vulnerabilidad diferente que CVE-2006-1991. • https://www.exploit-db.com/exploits/3424 http://secunia.com/advisories/24606 http://secunia.com/advisories/25056 http://secunia.com/advisories/25057 http://secunia.com/advisories/25062 http://secunia.com/advisories/26895 http://security.gentoo.org/glsa/glsa-200703-21.xml http://us2.php.net/releases/5_2_2.php http://www.debian.org/security/2007/dsa-1283 http://www.mandriva.com/security/advisories?name=MDKSA-2007:187 http://www.novell.com/linux/security/advisories •

CVSS: 6.8EPSS: 16%CPEs: 1EXPL: 4

CVE-2007-1286 – PHP 4.4.4 - 'Unserialize()' ZVAL Reference Counter Overflow (PoC)

https://notcve.org/view.php?id=CVE-2007-1286

Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter. Desbordamiento de entero en PHP 4.4.4 y anteriores permiten a atacantes dependientes de contexto ejecutar código de su elección mediante el paso de una cadena larga a la función unserialize, lo cual provoca el desbordamiento en el contador de referencias ZVAL. • https://www.exploit-db.com/exploits/3396 https://www.exploit-db.com/exploits/16310 https://www.exploit-db.com/exploits/9939 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137 http://rhn.redhat.com/errata/RHSA-2007-0154.html http://rhn.redhat.com/errata/RHSA-2007-0155.html http://rhn.redhat.com/errata/RHSA-2007-0163.html http://secunia& •

CVSS: 7.5EPSS: 15%CPEs: 15EXPL: 3

CVE-2007-1285 – PHP 3/4/5 - ZendEngine Variable Destruction Remote Denial of Service

https://notcve.org/view.php?id=CVE-2007-1285

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. El motor Zend en PHP versión 4.x anterior a 4.4.7, y versión 5.x anterior a 5.2.2, permite que los atacantes remotos causen una denegación de servicio (agotamiento de pila y bloqueo de PHP) por medio de matrices profundamente anidadas, que desencadenan una profunda recursión en la variable de rutinas de destrucción. • https://www.exploit-db.com/exploits/29692 http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html http://rhn.redhat.com/errata/RHSA-2007-0154.html http://rhn.redhat.com/errata/RHSA-2007-0155.html http://rhn.redhat.com/errata/RHSA-2007-0163.html http://secunia.com/advisories/24909 http://secunia.com/advisories/24910 http://secunia.com/advisories/24924 http://secunia.com/advisories/24941 http://secunia.com/advisories/24945 http://secunia.com/advisories&#x • CWE-674: Uncontrolled Recursion •

CVSS: 10.0EPSS: 4%CPEs: 77EXPL: 0

CVE-2007-0910

https://notcve.org/view.php?id=CVE-2007-0910

Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors. La vulnerabilidad no especificada en PHP versión anterior a 5.2.1 permite a los atacantes "golpear" (clobber) ciertas variables super-globales por medio de vectores no especificados • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html http://osvdb.org/32763 http://rhn.redhat.com/errata/RHSA-2007-0089.html http://secunia.com/advisories/24089 http://secunia.com/advisories/24195 http://secunia.com/advisories/24217 http://secunia.com/advisories/24236 http://secunia.com/advisories/24248 http://secunia.com/advisories/24284 http://secunia.com/advisories/24295 http •