NotCVE - vendor:"Php" product:"Php" version:" >= 4.4.0

Page 74 of 420 results (0.043 seconds)

CVSS: 10.0EPSS: 4%CPEs: 77EXPL: 0

CVE-2007-0910

https://notcve.org/view.php?id=CVE-2007-0910

Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors. La vulnerabilidad no especificada en PHP versión anterior a 5.2.1 permite a los atacantes "golpear" (clobber) ciertas variables super-globales por medio de vectores no especificados • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html http://osvdb.org/32763 http://rhn.redhat.com/errata/RHSA-2007-0089.html http://secunia.com/advisories/24089 http://secunia.com/advisories/24195 http://secunia.com/advisories/24217 http://secunia.com/advisories/24236 http://secunia.com/advisories/24248 http://secunia.com/advisories/24284 http://secunia.com/advisories/24295 http •

CVSS: 7.5EPSS: 1%CPEs: 77EXPL: 0

CVE-2007-0906

https://notcve.org/view.php?id=CVE-2007-0906

Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825). Los múltiples desbordamientos de búfer en PHP versión anterior a 5.2.1 permiten a los atacantes causar una denegación de servicio y posiblemente ejecutar código arbitrario por medio de vectores no específicos en las extensiones (1) session, (2) zip, (3) imap y (4) sqlite; (5) filtros de flujo; y las funciones (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user y (10) ibase_modify_user. NOTA: el vector 6 podría ser en realidad un desbordamiento de entero (CVE-2007-1885). • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html http://osvdb.org/34706 http://osvdb.org/34707 http://osvdb.org/34708 http://osvdb.org/34709 http://osvdb.org/34710 http://osvdb.org/34711 http://osvdb.org/34712 http://osvdb.org/34713 http://osvdb.org/34714 http://osvdb.org/34715 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 2%CPEs: 13EXPL: 1

CVE-2007-0908 – PHP < 4.4.5/5.2.1 - WDDX Session Deserialization Information Leak

https://notcve.org/view.php?id=CVE-2007-0908

The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable. El deserializador WDDX en la extensión wddx en PHP versión 5 anterior a 5.2.1 y PHP versión 4 anterior a 4.4.5, no inicializa apropiadamente la variable key_length para una clave numérica, lo que permite a los atacantes dependiendo del contexto leer la memoria de pila por medio de un elemento wddxPacket que contiene un variable con un nombre de cadena anterior a una variable numérica. • https://www.exploit-db.com/exploits/3414 ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html http://osvdb.org/32766 http://rhn.redhat.com/errata/RHSA-2007-0089.html http://secunia.com/advisories/24089 http://secunia.com/advisories/24195 http://secunia.com/advisories/24217 http://secunia.com/advisories/24236 http://secunia.com/advisories/24248 http://secunia.com/advisories/2428 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 4%CPEs: 77EXPL: 0

CVE-2007-0907

https://notcve.org/view.php?id=CVE-2007-0907

Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. Desbordamiento de búfer por debajo en PHP anterior a 5.2.1 permite a atacantes provocar una denegación de servicio mediante vectores no especificados involucrando a la función sapi_header_op. • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html http://osvdb.org/32767 http://rhn.redhat.com/errata/RHSA-2007-0089.html http://secunia.com/advisories/24089 http://secunia.com/advisories/24195 http://secunia.com/advisories/24217 http://secunia.com/advisories/24236 http://secunia.com/advisories/24248 http://secunia.com/advisories/24284 http://secunia.com/advisories/24295 http •

CVSS: 7.5EPSS: 2%CPEs: 77EXPL: 0

CVE-2007-0909

https://notcve.org/view.php?id=CVE-2007-0909

Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function. Múltiples vulnerabilidades de cadena de formato en PHP anterior a 5.2.1 podría permitir a atacantes remotos ejecutar código de su elección mediante especificadores de cadena de formato a (1) todas las funciones *print en sistemas de 64 bits, y a (2) la función odbc_result_all. • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html http://osvdb.org/32764 http://osvdb.org/32765 http://rhn.redhat.com/errata/RHSA-2007-0089.html http://secunia.com/advisories/24089 http://secunia.com/advisories/24195 http://secunia.com/advisories/24217 http://secunia.com/advisories/24236 http://secunia.com/advisories/24248 http://secunia.com/advisories/24284 http://secu •

1...72 73 74 75 76