Page 71 of 532 results (0.012 seconds)

CVSS: 7.5EPSS: 6%CPEs: 2EXPL: 3

CVE-2007-3997 – PHP 4.4.7/5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass

https://notcve.org/view.php?id=CVE-2007-3997

The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE. Las extensiones (1) MySQL y (2) MySQLi en PHP 4 anterior a 4.4.8, y PHP 5 anterior a 5.2.4, permite a atacantes remotos evitar las restricciones safe_mode y open_basedir a través de operaciones MySQL LOCAL INFILE, como se demostró con un consulta con LOAD DATA LOCAL INFILE. • https://www.exploit-db.com/exploits/4392 http://secunia.com/advisories/26642 http://secunia.com/advisories/26822 http://secunia.com/advisories/26838 http://secunia.com/advisories/27102 http://secunia.com/advisories/27377 http://secunia.com/advisories/28318 http://securityreason.com/securityalert/3102 http://secweb.se/en/advisories/php-mysql-safe-mode-bypass-vulnerability http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml http://www.php.net/ChangeLog-4.php http:/ • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 2%CPEs: 8EXPL: 0

CVE-2007-3998 – php floating point exception inside wordwrap

https://notcve.org/view.php?id=CVE-2007-3998

The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set. La función wordwrap del PHP 4 anterior al 4.4.8 y el PHP 5 anterior al 5.2.4, no utiliza correctamente la variable breakcharlen, lo que permite a atacantes remotos provocar una denegación de servicio (error de división por cero y caída de la aplicación o bucle infinito) a través de ciertos argumentos, como lo demostrado con el establecimiento del argumento 'chr(0), 0, ""'. • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://rhn.redhat.com/errata/RHSA-2007-0889.html http://secunia.com/advisories/26642 http://secunia.com/advisories/26822 http://secunia.com/advisories/26838 http://secunia.com/advisories/26871 http://secunia.com/advisories/26895 http://secunia.com/advisories/26930 http://secunia.com/advisories/26967 http://secunia.com/advisories/27102 http://secunia.com/advisories/27377 http://secunia.com/advisories/2 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2007-4586 – PHP 5.2.0 (Windows x86) - 'PHP_iisfunc.dll' Local Buffer Overflow

https://notcve.org/view.php?id=CVE-2007-4586

Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iis_getservicestate function, related to the ServiceId argument to the (1) fnStartService, (2) fnGetServiceState, (3) fnStopService, and possibly other functions. Múltiples desbordamientos de búfer en php_iisfunc.dll de la extensión iisfunc para PHP 5.2.0 y anteriores permite a atacantes locales o remotos (dependiendo del contexto) ejecutar código de su elección, probablemente durante una conversión Unicode, como se ha demostrado con una cadena larga en el primer argumento para la función iis_getservicestate, relacionado con el argumento ServideId para las funciones (1) fnStartService, (2) fnGetServiceState, (3) fnStopService, y posiblemente otras. • https://www.exploit-db.com/exploits/4318 http://www.securityfocus.com/bid/25452 https://exchange.xforce.ibmcloud.com/vulnerabilities/36262 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2007-4528 – PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local Bypass

https://notcve.org/view.php?id=CVE-2007-4528

The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function. NOTE: this issue does not cross privilege boundaries in most contexts, so perhaps it should not be included in CVE. La extensión Foreign Function Interface (ffi) en PHP 5.0.5 no respeta las restricciones modo_seguro, lo cual permite a atacantes locales o remotos dependientes del contexto ejecutar código de su elección cargando una DLL de su elección, e invocando una función, como se demuestra con kernel32.dll y la función WinExec. NOTA: este asunto no cruza límites de privilegios en la mayoría de los contextos, por tanto quizás no debería ser incluido en CVE. • https://www.exploit-db.com/exploits/4311 •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2007-4507 – PHP 5.2.3 - PHP_ntuser ntuser_getuserlist() Local Buffer Overflow (PoC)

https://notcve.org/view.php?id=CVE-2007-4507

Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions. Múltiples desbordamientos de búfer en el componente php_ntuser para PHP 5.2.3 permite a atacantes locales o remotos (dependiendo del contexto) provocar una denegación de servicio o ejecutar código de su elección mediante argumentos largos para las funciones (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, o (4) ntuser_getdomaincontroller. • https://www.exploit-db.com/exploits/4304 •