CVE-2007-1380 – PHP < 4.4.5/5.2.1 - PHP_binary Session Deserialization Information Leak
https://notcve.org/view.php?id=CVE-2007-1380
The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read. El manejador de serialización php_binary en la extensión de sesión de PHP anterior a 4.4.5, y 5.x anterior a 5.2.1, permite a atacantes dependientes del contexto obtener información sensible (contenidos de memoria) a través de entradas de variables serializables con un valor length, lo cual dispara un desbordamiento de búfer de lectura. • https://www.exploit-db.com/exploits/3413 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137 http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html http://secunia.com/advisories/24514 http://secunia.com/advisories/24606 http://secunia.com/advisories/25025 http://secunia.com/advisories/25056 http://secunia.com/advisories/25057 http: •
CVE-2007-1287 – PHP 4.4.3 < 4.4.6 - 'PHPinfo()' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-1287
A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388. Un error de regresión en la función phpinfo de PHP 4.4.3 a 4.4.6, y PHP 6.0 en CVS, permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) mediante valores en los vectores GET, POST, o COOKIE, los cuales no son "escapados" en la salida de phpinfo, como fue originalmente apuntado en CVE-2005-3388. • https://www.exploit-db.com/exploits/3405 http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://secunia.com/advisories/26235 http://us2.php.net/releases/4_4_7.php http://www.osvdb.org/32774 http://www.php-security.org/MOPB/MOPB-08-2007.html http://www.securityfocus.com/bid/25159 http://www.vupen.com/english/advisories/2007/2732 •
CVE-2007-1285 – PHP 3/4/5 - ZendEngine Variable Destruction Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-1285
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. El motor Zend en PHP versión 4.x anterior a 4.4.7, y versión 5.x anterior a 5.2.2, permite que los atacantes remotos causen una denegación de servicio (agotamiento de pila y bloqueo de PHP) por medio de matrices profundamente anidadas, que desencadenan una profunda recursión en la variable de rutinas de destrucción. • https://www.exploit-db.com/exploits/29692 http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html http://rhn.redhat.com/errata/RHSA-2007-0154.html http://rhn.redhat.com/errata/RHSA-2007-0155.html http://rhn.redhat.com/errata/RHSA-2007-0163.html http://secunia.com/advisories/24909 http://secunia.com/advisories/24910 http://secunia.com/advisories/24924 http://secunia.com/advisories/24941 http://secunia.com/advisories/24945 http://secunia.com/advisories • CWE-674: Uncontrolled Recursion •
CVE-2007-0988
https://notcve.org/view.php?id=CVE-2007-0988
The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument. La función zend_hash_init en PHP versión 5 anterior a 5.2.1 y PHP versión 4 anterior a 4.4.5, cuando se ejecuta en una plataforma de 64 bits, permite a los atacantes dependiendo del contexto causar una denegación de servicio (bucle infinito) al deserializar ciertas expresiones de enteros, que solo causa que argumentos de 32 bits sean usados después de la comprobación de un valor negativo, como es demostrado por un argumento "a:2147483649:{". • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228858 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137 http://osvdb.org/32762 http://rhn.redhat.com/errata/RHSA-2007-0089.html http://secunia.com/advisories/24195 http://secunia.com/advisories/24217 http://secunia.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-0907
https://notcve.org/view.php?id=CVE-2007-0907
Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. Desbordamiento de búfer por debajo en PHP anterior a 5.2.1 permite a atacantes provocar una denegación de servicio mediante vectores no especificados involucrando a la función sapi_header_op. • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html http://osvdb.org/32767 http://rhn.redhat.com/errata/RHSA-2007-0089.html http://secunia.com/advisories/24089 http://secunia.com/advisories/24195 http://secunia.com/advisories/24217 http://secunia.com/advisories/24236 http://secunia.com/advisories/24248 http://secunia.com/advisories/24284 http://secunia.com/advisories/24295 http •