Page 75 of 461 results (0.013 seconds)

CVSS: 5.0EPSS: 4%CPEs: 77EXPL: 0

CVE-2007-0907

https://notcve.org/view.php?id=CVE-2007-0907

Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. Desbordamiento de búfer por debajo en PHP anterior a 5.2.1 permite a atacantes provocar una denegación de servicio mediante vectores no especificados involucrando a la función sapi_header_op. • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html http://osvdb.org/32767 http://rhn.redhat.com/errata/RHSA-2007-0089.html http://secunia.com/advisories/24089 http://secunia.com/advisories/24195 http://secunia.com/advisories/24217 http://secunia.com/advisories/24236 http://secunia.com/advisories/24248 http://secunia.com/advisories/24284 http://secunia.com/advisories/24295 http •

CVSS: 7.5EPSS: 2%CPEs: 77EXPL: 0

CVE-2007-0909

https://notcve.org/view.php?id=CVE-2007-0909

Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function. Múltiples vulnerabilidades de cadena de formato en PHP anterior a 5.2.1 podría permitir a atacantes remotos ejecutar código de su elección mediante especificadores de cadena de formato a (1) todas las funciones *print en sistemas de 64 bits, y a (2) la función odbc_result_all. • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html http://osvdb.org/32764 http://osvdb.org/32765 http://rhn.redhat.com/errata/RHSA-2007-0089.html http://secunia.com/advisories/24089 http://secunia.com/advisories/24195 http://secunia.com/advisories/24217 http://secunia.com/advisories/24236 http://secunia.com/advisories/24248 http://secunia.com/advisories/24284 http://secu •

CVSS: 7.5EPSS: 5%CPEs: 13EXPL: 0

CVE-2007-0455 – gd: buffer overrun

https://notcve.org/view.php?id=CVE-2007-0455

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. Desbordamiento de búfer en la función gdImageStringFTEx en gdft.c de GD Graphics Library 2.0.33 y anteriores permite a atacantes remotos provocar una denegación de servicio (cierre de aplicación) y posiblemente ejecutar código de su elección mediante una cadena manipulada con una fuente JIS codificada. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607 http://fedoranews.org/cms/node/2631 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html http://rhn.redhat.com/errata/RHSA-2007-0155.html http://secunia.com/advisories/23916 http://secunia.com/advisories/24022 http://secunia.com/advisories/24052 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 3

CVE-2006-6383 – PHP 5.2 - Session.Save_Path() 'Safe_mode' / 'open_basedir' Restriction Bypass

https://notcve.org/view.php?id=CVE-2006-6383

PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. PHP 5.2.0 y 4.4 permite a usuarios locales evitar restricciones safe_mode y open_basedir a través de una ruta maliciosa y un byte nulo anterior a ";" en el argumento session_save_path, seguido por una ruta permitida, lo caul provoca una inconsistencia de validación en el cual PHP valida la ruta permitida pero asigna session.save_path a la ruta maliciosa. • https://www.exploit-db.com/exploits/29239 http://cvs.php.net/viewcvs.cgi/php-src/ext/session/session.c?r1=1.336.2.53.2.7&r2=1.336.2.53.2.8 http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html http://secunia.com/advisories/24022 http://secunia.com/advisories/24514 http://securityreason.com/achievement_securityalert/43 http://securityreason.com/securityalert/2000 http://www.mandriva.com/security/advisories?name=MDKSA-2007:038 http://www.openpkg.com • CWE-20: Improper Input Validation •

CVSS: 7.2EPSS: 0%CPEs: 16EXPL: 0

CVE-2006-5706

https://notcve.org/view.php?id=CVE-2006-5706

Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494. Vulnerabilidades no especificada en PHP, probablemente anterior a 5.2.0, permite a un usuario local evitar las restricciones open_basedir y llevar a cabo acciones no específicas a través de vectores no especificados que afectan a (1)chdir y (2)funciones tempnam. NOTA: el vector tempnam podría solaparse con CVE-2006-1494. • http://www.php.net/releases/5_2_0.php http://www.ubuntu.com/usn/usn-375-1 •