CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2007-1475 – PHP 4.4.6 - 'ibase_connect()' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-1475
Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument. Múltiples desbordamientos de búfer en las funciones (1) ibase_connect y (2) ibase_pconnect en la extensión iterbase en PHP 4.4.6 y anteriores permite a atacantes dependientes del contexto ejecutar código de su elección a través de un argumento. • https://www.exploit-db.com/exploits/3488 http://retrogod.altervista.org/php_446_ibase_connect_bof.html http://secunia.com/advisories/24529 http://securityreason.com/securityalert/2439 http://www.securityfocus.com/archive/1/462931/100/0/threaded http://www.securityfocus.com/bid/22976 https://exchange.xforce.ibmcloud.com/vulnerabilities/33019 •
CVSS: 7.8EPSS: 1%CPEs: 76EXPL: 0CVE-2007-1461
https://notcve.org/view.php?id=CVE-2007-1461
The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories. La URL encapsulada compress.bzip2:// proporcionada por la extensión bz2 en PHP versiones anteriores a 4.4.7, y versiones 5.x anteriores a 5.2.2, no implementa comprobaciones de safemode o open_basedir, lo que permite a atacantes remotos leer archivos bzip2 ubicados fuera de los directorios previstos. • http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://secunia.com/advisories/25056 http://secunia.com/advisories/26235 http://us2.php.net/releases/4_4_7.php http://us2.php.net/releases/5_2_2.php http://www.novell.com/linux/security/advisories/2007_32_php.html http://www.php-security.org/MOPB/MOPB-21-2007.html http://www.securityfocus.com/bid/22954 http://www.securityfocus.com&# • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0CVE-2007-1454
https://notcve.org/view.php?id=CVE-2007-1454
ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b. ext/filter del PHP 5.2.0, cuando el FILTER_SANITIZE_STRING es utilizado con el flag FILTER_FLAG_STRIP_LOW, no deshace convenientemente las etiquetas HTML, lo que permite a atacantes remotos ejecutar un ataque de secuencias de comandos en sitios cruzados (XSS) a través de HTML con un caracter '<' seguido de ciertos caracteres de espacios en blanco, lo que hace que pasen un filtro pero se convierte en una tag válida, como se demuestra utilizando %0b. • http://secunia.com/advisories/25056 http://secunia.com/advisories/25062 http://www.debian.org/security/2007/dsa-1283 http://www.mandriva.com/security/advisories?name=MDKSA-2007:090 http://www.novell.com/linux/security/advisories/2007_32_php.html http://www.php-security.org/MOPB/MOPB-18-2007.html http://www.securityfocus.com/bid/22914 •
CVSS: 5.0EPSS: 1%CPEs: 63EXPL: 0CVE-2007-1460
https://notcve.org/view.php?id=CVE-2007-1460
The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories. La URL encapsulada zip:// proporcionada por la extensión zip PECL en PHP versiones anteriores a 4.4.7, y versiones 5.2.0 y 5.2.1, no implementa comprobaciones de safemode o open_basedir, lo que permite a atacantes remotos leer archivos ZIP ubicados fuera de los directorios previstos. • http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://secunia.com/advisories/25056 http://secunia.com/advisories/26235 http://us2.php.net/releases/4_4_7.php http://us2.php.net/releases/5_2_2.php http://www.novell.com/linux/security/advisories/2007_32_php.html http://www.php-security.org/MOPB/MOPB-20-2007.html http://www.securityfocus.com/bid/22954 http://www.securityfocus.com&# • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2007-1453 – PHP 5.2 - EXT/Filter Function Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-1453
Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer. Desbordamiento de búfer en la macro HP_FILTER_TRIM_DEFAULT en el filtro de extensiones (ext/filter) del PHP 5.2.0 permite a atacantes dependientes del contexto ejecutar código de su elección llamando al filter_var con ciertos modos como el FILTER_VALIDATE_INT, lo que provoca que el filtro escriba un byte NULL en el espacio en blanco que precede al búfer. • https://www.exploit-db.com/exploits/29732 http://secunia.com/advisories/25056 http://secunia.com/advisories/25062 http://www.debian.org/security/2007/dsa-1283 http://www.novell.com/linux/security/advisories/2007_32_php.html http://www.php-security.org/MOPB/MOPB-19-2007.html http://www.php.net/releases/5_2_1.php http://www.securityfocus.com/bid/22922 •