CVE-2007-2844
https://notcve.org/view.php?id=CVE-2007-2844
PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access. PHP 4.x y 5.x anterior al 5.2.1, cuando corre bajo sistemas multi-hilo, no asegura la seguridad de los hilos para las llamadas a la función libc crypt utilizando esquemas de protección como el mutex, lo que provoca una condición de carrera que permite a atacantes remotos sobrescribir la memoria de programa interna y obtener acceso al sistema. • http://blog.php-security.org/archives/82-Suhosin-0.9.20-and-crypt-Thread-Safety-Vulnerability.html http://osvdb.org/36088 http://secunia.com/advisories/25434 http://www.securityfocus.com/bid/24109 https://exchange.xforce.ibmcloud.com/vulnerabilities/34601 •
CVE-2007-2748
https://notcve.org/view.php?id=CVE-2007-2748
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375. La función substr_count en PHP 5.2.1 y versiones anteriores permite a atacantes locales o remotos dependientes del contexto obtener información confidencial mediante vectores no especificados, una función afectada distinta de CVE-2007-1375. • http://osvdb.org/34730 http://secunia.com/advisories/26895 http://us2.php.net/releases/5_2_2.php http://www.attrition.org/pipermail/vim/2007-May/001621.html http://www.mandriva.com/security/advisories?name=MDKSA-2007:187 http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.securityfocus.com/bid/24012 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2007-2727
https://notcve.org/view.php?id=CVE-2007-2727
The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys. La función mcrypt_create_iv en ext/mcrypt/mcrypt.c en PHP anterior a 4.4.7, 5.2.1, y posiblemente 5.0.x y otras versiones PHP 5, llaman a php_rand_r con una variable de cabeza de serie no inicializada y por lo tanto siempre genera el mismo vector de inicialización (IV), lo cual podría permitir a atacantes dependientes del contexto desencriptar ciertos datos más fácilmente debido a que las claves de cifrado son más fáciles de adivinar. • http://blog.php-security.org/archives/80-Watching-the-PHP-CVS.html http://bugs.php.net/bug.php?id=40999 http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/mcrypt.c?r1=1.91.2.3.2.9&r2=1.91.2.3.2.10 http://osvdb.org/36087 http://secunia.com/advisories/26895 http://www.fortheloot.com/public/mcrypt.patch http://www.mandriva.com/security/advisories?name=MDKSA-2007:187 http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.php.net& •
CVE-2007-2509 – php CRLF injection
https://notcve.org/view.php?id=CVE-2007-2509
CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands. Vulnerabilidad de inyección de retornos de carro y saltos de línea en la función ftp_putcmd de PHP versiones anteriores a 4.4.7, y 5.x anteriores a 5.2.2 permite a atacantes remotos inyectar comandos FTP de su elección mediante secuencias de retornos de carro y saltos de línea en los parámetros de los susodichos comandos FTP. • http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html http://rhn.redhat.com/errata/RHSA-2007-0889.html http://secunia.com/advisories/25187 http://secunia.com/advisories/25191 http://secunia.com/advisories/25255 http://secunia.com/advisories/25318 http://secunia.com/advisories/25365 http://secunia.com/advisories/25372 http://secunia.com/advisories/25445 http://secunia.com/advisories/25660 http://secunia.com/advisories/26048 http://secunia.com/advisories/2 • CWE-20: Improper Input Validation •
CVE-2007-2510 – php make_http_soap_request flaw
https://notcve.org/view.php?id=CVE-2007-2510
Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters. Desbordamiento de búfer en la función make_http_soap_request de PHP anterior a 5.2.2 tiene impacto y vectores de ataque remotos desconocidos, posiblemente relacionados con caracteres "/" (barra o slash). • http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html http://osvdb.org/34675 http://secunia.com/advisories/25187 http://secunia.com/advisories/25191 http://secunia.com/advisories/25255 http://secunia.com/advisories/25318 http://secunia.com/advisories/25372 http://secunia.com/advisories/25445 http://secunia.com/advisories/26048 http://security.gentoo.org/glsa/glsa-200705-19.xml http://us2.php.net/releases/5_2_2.php http://viewcvs.php.net/viewvc& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •