CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 3CVE-2007-4033 – T1lib - 'intT1_Env_GetCompletePath' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-4033
Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3. Un desbordamiento de búfer en la función intTT1_EnvGetCompletePath en el archivo lib/t1lib/t1env.c en t1lib versión 5.1.1, permite a atacantes dependiendo del contexto ejecutar código arbitrario por medio de un parámetro FileName largo. NOTA: este problema se reportó originalmente de estar en la función imagepsloadfont en la biblioteca php_gd2.dll en la extensión gd (PHP_GD2) en PHP versión 5.2.3. • https://www.exploit-db.com/exploits/30401 https://www.exploit-db.com/exploits/4227 http://bugs.gentoo.org/show_bug.cgi?id=193437 http://fedoranews.org/updates/FEDORA-2007-234.shtml http://secunia.com/advisories/26241 http://secunia.com/advisories/26901 http://secunia.com/advisories/26981 http://secunia.com/advisories/26992 http://secunia.com/advisories/27239 http://secunia.com/advisories/27297 http://secunia.com/advisories/27439 http://secunia.com/advisories/27599 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 5%CPEs: 1EXPL: 2CVE-2007-4010 – PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass
https://notcve.org/view.php?id=CVE-2007-4010
The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function. La extensión win32std en el PHP 5.2.3 no sigue las restricciones del safe_mode y el disable_functions, lo que permite a atacantes remotos ejecutar comandos de su elección a través de la función win_shell_execute. • https://www.exploit-db.com/exploits/4218 http://www.securityfocus.com/bid/25041 https://exchange.xforce.ibmcloud.com/vulnerabilities/35604 •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 2CVE-2007-3806 – PHP 5.2.3 - 'glob()' Denial of Service
https://notcve.org/view.php?id=CVE-2007-3806
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure. La función glob en PHP versión 5.2.3, permite a atacantes dependiendo del contexto causar una denegación de servicio y posiblemente ejecutar código arbitrario por medio de un valor no válido del parámetro flags, probablemente relacionado con la corrupción de memoria o una lectura no válida en plataformas win32, y posiblemente relacionado con la falta de inicialización para una estructura glob. • https://www.exploit-db.com/exploits/4181 http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.166&r2=1.167 http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?view=log http://osvdb.org/36085 http://secunia.com/advisories/26085 http://secunia.com/advisories/26642 http://secunia.com/advisories/27102 http://secunia.com/advisories/30158 http://secunia.com/advisories/30288 http://www.debian.org/security/2008/dsa-1572 http://www.debian. • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 38%CPEs: 69EXPL: 1CVE-2007-3799 – PHP 5.2.3 - EXT/Session HTTP Response Header Injection
https://notcve.org/view.php?id=CVE-2007-3799
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207. Una función session_start en ext/session en PHP versiones 4.x hasta 4.4.7 y versiones 5.x hasta 5.2.3, permite a atacantes remotos insertar atributos arbitrarios en la cookie de sesión por medio de caracteres especiales en una cookie que es obtenida de (1) PATH_INFO, (2) la función session_id, y (3) la función session_start, que no están codificadas o filtradas cuando es generado la nueva cookie de sesión, lo que constituye un problema relacionado con CVE-2006-0207. • https://www.exploit-db.com/exploits/30130 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://osvdb.org/36855 http://rhn.redhat.com/errata/RHSA-2007-0889.html http://secunia.com/advisories/26871 http://secunia.com/advisories/26895 http://secunia.com/advisories/26930 http://secunia.com/advisories/26967 http://secunia.com/advisories/27351 http://secunia.com/advisories/27377 http://secunia&# • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-3790 – PHP 5.2.3 - 'bz2 com_print_typeinfo()' Denial of Service
https://notcve.org/view.php?id=CVE-2007-3790
The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument. La función com_print_typeinfo en la extensión bz2 en PHP 5.2.3 permite a atacantes locales o remotos dependientes del contexto provocar una denegación de servicio mediante un argumento largo. • https://www.exploit-db.com/exploits/4175 http://osvdb.org/36854 •