CVE-2007-4441 – PHP 5.2.3 - 'PHP_win32sti' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-4441
Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function.
• https://www.exploit-db.com/exploits/4303 https://www.exploit-db.com/exploits/4302 https://www.exploit-db.com/exploits/4293 http://www.securityfocus.com/bid/25414 https://exchange.xforce.ibmcloud.com/vulnerabilities/36118 •
CVE-2007-4255 – PHP mSQL (msql_connect) - Local Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-4255
Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function.
• https://www.exploit-db.com/exploits/4260 https://www.exploit-db.com/exploits/4270 http://www.securityfocus.com/archive/1/475660/100/0/threaded http://www.securityfocus.com/bid/25213 https://exchange.xforce.ibmcloud.com/vulnerabilities/35830 •
CVE-2007-4033 – T1lib - 'intT1_Env_GetCompletePath' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-4033
Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.
• https://www.exploit-db.com/exploits/30401 https://www.exploit-db.com/exploits/4227 http://bugs.gentoo.org/show_bug.cgi?id=193437 http://fedoranews.org/updates/FEDORA-2007-234.shtml http://secunia.com/advisories/26241 http://secunia.com/advisories/26901 http://secunia.com/advisories/26981 http://secunia.com/advisories/26992 http://secunia.com/advisories/27239 http://secunia.com/advisories/27297 http://secunia.com/advisories/27439 http://secunia.com/advisories/27599 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-4010 – PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass
https://notcve.org/view.php?id=CVE-2007-4010
The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.
• https://www.exploit-db.com/exploits/4218 http://www.securityfocus.com/bid/25041 https://exchange.xforce.ibmcloud.com/vulnerabilities/35604 •
CVE-2007-3806 – PHP 5.2.3 - 'glob()' Denial of Service
https://notcve.org/view.php?id=CVE-2007-3806
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.
• https://www.exploit-db.com/exploits/4181 http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.166&r2=1.167 http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?view=log http://osvdb.org/36085 http://secunia.com/advisories/26085 http://secunia.com/advisories/26642 http://secunia.com/advisories/27102 http://secunia.com/advisories/30158 http://secunia.com/advisories/30288 http://www.debian.org/security/2008/dsa-1572 http://www.debian. • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •