
CVSS: 6.8 • EPSS: 1% • CPEs: 2 • EXPL: 0

The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.

• http://securityreason.com/securityalert/3134
• http://www.securityfocus.com/archive/1/479082/100/0/threaded
• http://www.securityfocus.com/archive/1/479187/100/200/threaded
• http://www.securityfocus.com/archive/1/479189/100/200/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36555

CVSS: 4.3 • EPSS: 4% • CPEs: 1 • EXPL: 0

The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.

• http://docs.info.apple.com/article.html?artnum=307562
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
• http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
• http://secunia.com/advisories/27102
• http://secunia.com/advisories/27659
• http://secunia.com/advisories/28750
• http://secunia.com/advisories/29420
• http://secunia.com/advisories/30040
• http://securityreason.com/securityalert/3133
• http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242
• CWE-20: Improper Input Validation

CVSS: 5.0 • EPSS: 5% • CPEs: 1 • EXPL: 0

PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.

• http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
• http://osvdb.org/38916
• http://secunia.com/advisories/27102
• http://secunia.com/advisories/27659
• http://secunia.com/advisories/28658
• http://secunia.com/advisories/30040
• http://securityreason.com/securityalert/3122
• http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242
• http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
• http://www.securityfocus.com/archive/1/478730/100/0/threaded
• http://www.securi
• CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 0

Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.

• http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
• http://osvdb.org/45902
• http://secunia.com/advisories/27102
• http://secunia.com/advisories/28658
• http://securityreason.com/securityalert/3119
• http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
• http://www.php.net/ChangeLog-5.php#5.2.5
• http://www.php.net/releases/5_2_5.php
• http://www.securityfocus.com/archive/1/478985/100/0/threaded
• http://www.securityfocus.com/archive/1/478988/100
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 5.0 • EPSS: 2% • CPEs: 1 • EXPL: 0

The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.

• http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
• http://osvdb.org/38687
• http://secunia.com/advisories/27102
• http://secunia.com/advisories/28658
• http://securityreason.com/securityalert/3114
• http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
• http://www.securityfocus.com/archive/1/478627/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36458
• CWE-20: Improper Input Validation