CVSS: 5.0EPSS: 2%CPEs: 8EXPL: 0CVE-2007-3998 – php floating point exception inside wordwrap
https://notcve.org/view.php?id=CVE-2007-3998
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set. La función wordwrap del PHP 4 anterior al 4.4.8 y el PHP 5 anterior al 5.2.4, no utiliza correctamente la variable breakcharlen, lo que permite a atacantes remotos provocar una denegación de servicio (error de división por cero y caída de la aplicación o bucle infinito) a través de ciertos argumentos, como lo demostrado con el establecimiento del argumento 'chr(0), 0, ""'. • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://rhn.redhat.com/errata/RHSA-2007-0889.html http://secunia.com/advisories/26642 http://secunia.com/advisories/26822 http://secunia.com/advisories/26838 http://secunia.com/advisories/26871 http://secunia.com/advisories/26895 http://secunia.com/advisories/26930 http://secunia.com/advisories/26967 http://secunia.com/advisories/27102 http://secunia.com/advisories/27377 http://secunia.com/advisories/2 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 0CVE-2007-3996 – php multiple integer overflows in gd
https://notcve.org/view.php?id=CVE-2007-3996
Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function. Múltiples desbordamientos de búfer en libgd de PHP versiones anteriores a 5.2.4 permiten a atacantes remotos provocar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código de su elección mediante un valor largo (1) srcW ó (2) srcH en la función gdImageCopyResized, o un valor largo (3) sy (altura) ó (4) sx (anchura) en la función (b) gdImageCreate ó (c) gdImageCreateTrueColor. • http://bugs.gentoo.org/show_bug.cgi?id=201546 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://rhn.redhat.com/errata/RHSA-2007-0889.html http://secunia.com/advisories/26642 http://secunia.com/advisories/26822 http://secunia.com/advisories/26838 http://secunia.com/advisories/26871 http://secunia.com/advisories/26895 http://secunia.com/advisories/26930 http://secunia.com/advisories/26967 http://secunia.com/advisories/27102 http://secunia.c • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-4507 – PHP 5.2.3 - PHP_ntuser ntuser_getuserlist() Local Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-4507
Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions. Múltiples desbordamientos de búfer en el componente php_ntuser para PHP 5.2.3 permite a atacantes locales o remotos (dependiendo del contexto) provocar una denegación de servicio o ejecutar código de su elección mediante argumentos largos para las funciones (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, o (4) ntuser_getdomaincontroller. • https://www.exploit-db.com/exploits/4304 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2007-4255 – PHP mSQL (msql_connect) - Local Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-4255
Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function. Desbordamiento de búfer en la extensión mSQL para PHP 5.2.3 permite a atacantes dependientes del contexto ejecutar código de su elección mediante un primer argumento largo a la función msql_connect. • https://www.exploit-db.com/exploits/4260 https://www.exploit-db.com/exploits/4270 http://www.securityfocus.com/archive/1/475660/100/0/threaded http://www.securityfocus.com/bid/25213 https://exchange.xforce.ibmcloud.com/vulnerabilities/35830 •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 3CVE-2007-4033 – T1lib - 'intT1_Env_GetCompletePath' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-4033
Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3. Un desbordamiento de búfer en la función intTT1_EnvGetCompletePath en el archivo lib/t1lib/t1env.c en t1lib versión 5.1.1, permite a atacantes dependiendo del contexto ejecutar código arbitrario por medio de un parámetro FileName largo. NOTA: este problema se reportó originalmente de estar en la función imagepsloadfont en la biblioteca php_gd2.dll en la extensión gd (PHP_GD2) en PHP versión 5.2.3. • https://www.exploit-db.com/exploits/30401 https://www.exploit-db.com/exploits/4227 http://bugs.gentoo.org/show_bug.cgi?id=193437 http://fedoranews.org/updates/FEDORA-2007-234.shtml http://secunia.com/advisories/26241 http://secunia.com/advisories/26901 http://secunia.com/advisories/26981 http://secunia.com/advisories/26992 http://secunia.com/advisories/27239 http://secunia.com/advisories/27297 http://secunia.com/advisories/27439 http://secunia.com/advisories/27599 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •