CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 0CVE-2007-4784
https://notcve.org/view.php?id=CVE-2007-4784
The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution. La función setlocale en PHP anterior 5.2.4 permite a atacantes dependientes del contexto provocar denegación de servicio (caida de aplicación) a través de una cadena larga en el parámetro locale. NOTA: esto podría no ser una vulnerabilida en muchos entornos de servidores web que soporten múltiples hilos, a menos que este asunto pueda demostrarse para ejecución de código. • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://osvdb.org/38687 http://secunia.com/advisories/27102 http://secunia.com/advisories/28658 http://securityreason.com/securityalert/3114 http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml http://www.securityfocus.com/archive/1/478627/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/36458 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 0CVE-2007-4670 – php malformed cookie handling
https://notcve.org/view.php?id=CVE-2007-4670
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285. Vulnerabilidad no especificada en PHP anterior a 5.2.4 tiene un impacto desconocido y vectores de ataque, relacionado con un "parche de mejora para MOPB-03-2007," probablemente una variante de CVE-2007-1285. • http://rhn.redhat.com/errata/RHSA-2007-0889.html http://secunia.com/advisories/26822 http://secunia.com/advisories/26838 http://secunia.com/advisories/26871 http://secunia.com/advisories/26895 http://secunia.com/advisories/26930 http://secunia.com/advisories/26967 http://secunia.com/advisories/27102 http://secunia.com/advisories/27351 http://secunia.com/advisories/27377 http://secunia.com/advisories/27545 http://secunia.com/advisories/27864 http://support.avaya.com/elm •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2007-4660
https://notcve.org/view.php?id=CVE-2007-4660
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation. Vulnerabilidad sin especificar en la función chunk_split del PHP anterior al 5.2.4, tiene un impacto y unos vectores de ataque desconocidos, relacionado con un cálculo de tamaño incorrecto. • http://secunia.com/advisories/26642 http://secunia.com/advisories/27102 http://secunia.com/advisories/27864 http://secunia.com/advisories/28249 http://www.debian.org/security/2008/dsa-1444 http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:125 http://www.mandriva.com/security/advisories?name=MDVSA-2008:126 http://www.php.net/ChangeLog-5.php#5.2.4 http://www.php.net/releases/5_2_4.php http:&#x • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4663
https://notcve.org/view.php?id=CVE-2007-4663
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function. Vulnerabilidad de salto de directorio en PHP versiones anteriores a 5.2.4 permite a atacantes evitar restricciones open_basedir mediante vectores no especificados involucrando la función glob. • http://secunia.com/advisories/26642 http://secunia.com/advisories/26838 http://secunia.com/advisories/27102 http://secunia.com/advisories/27377 http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml http://www.php.net/ChangeLog-5.php#5.2.4 http://www.php.net/releases/5_2_4.php http://www.vupen.com/english/advisories/2007/3023 https://exchange.xforce.ibmcloud.com/vulnerabilities/36386 https://issues.rpath.com/browse/RPL-1693 https://issues.rpath.com/browse • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2007-4661 – php size calculation in chunk_split
https://notcve.org/view.php?id=CVE-2007-4661
The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872. La función chunk_split en string.c en PHP 5.2.3 no calcula adecuadamente el tamaño de búfer necesario debido a la pérdida de precisión cuando se realizan operaciones de entero con números con punto flotante, lo cual tiene vectores de ataque e impacto desconocido, posiblemente como resultado de un desbordamiento de búfer basado en pila. NOTA: esto puede ser debido a un parche incompleto para CVE-2007-2872. • http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.58&r2=1.445.2.14.2.59 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://secunia.com/advisories/26642 http://secunia.com/advisories/26838 http://secunia.com/advisories/27102 http://secunia.com/advisories/27864 http://secunia.com/advisories/28658 http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml http://www.php.net/ChangeLog-5.php#5.2.4 htt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-399: Resource Management Errors •