CVE-2007-0905
https://notcve.org/view.php?id=CVE-2007-0905
PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383. PHP anterior a 5.2.1 permite a atacantes remotos evitar las restricciones safe_mode y open_basedir mediante vectores no especificados en la extensión de sesión. NOTAL: es posible que este asunto sea un duplicado de CVE-2006-6383. • http://osvdb.org/32768 http://secunia.com/advisories/24089 http://secunia.com/advisories/24419 http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html http://www.php.net/ChangeLog-5.php#5.2.1 http://www.php.net/releases/5_2_1.php http://www.securityfocus.com/bid/22496 http://www.trustix.org/errata/2007/0009 http://www.vupen.com/english/advisories/2007/0546 •
CVE-2007-0910
https://notcve.org/view.php?id=CVE-2007-0910
Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors. La vulnerabilidad no especificada en PHP versión anterior a 5.2.1 permite a los atacantes "golpear" (clobber) ciertas variables super-globales por medio de vectores no especificados • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html http://osvdb.org/32763 http://rhn.redhat.com/errata/RHSA-2007-0089.html http://secunia.com/advisories/24089 http://secunia.com/advisories/24195 http://secunia.com/advisories/24217 http://secunia.com/advisories/24236 http://secunia.com/advisories/24248 http://secunia.com/advisories/24284 http://secunia.com/advisories/24295 http •
CVE-2007-0908 – PHP < 4.4.5/5.2.1 - WDDX Session Deserialization Information Leak
https://notcve.org/view.php?id=CVE-2007-0908
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable. El deserializador WDDX en la extensión wddx en PHP versión 5 anterior a 5.2.1 y PHP versión 4 anterior a 4.4.5, no inicializa apropiadamente la variable key_length para una clave numérica, lo que permite a los atacantes dependiendo del contexto leer la memoria de pila por medio de un elemento wddxPacket que contiene un variable con un nombre de cadena anterior a una variable numérica. • https://www.exploit-db.com/exploits/3414 ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html http://osvdb.org/32766 http://rhn.redhat.com/errata/RHSA-2007-0089.html http://secunia.com/advisories/24089 http://secunia.com/advisories/24195 http://secunia.com/advisories/24217 http://secunia.com/advisories/24236 http://secunia.com/advisories/24248 http://secunia.com/advisories/2428 • CWE-20: Improper Input Validation •
CVE-2007-0906
https://notcve.org/view.php?id=CVE-2007-0906
Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825). Los múltiples desbordamientos de búfer en PHP versión anterior a 5.2.1 permiten a los atacantes causar una denegación de servicio y posiblemente ejecutar código arbitrario por medio de vectores no específicos en las extensiones (1) session, (2) zip, (3) imap y (4) sqlite; (5) filtros de flujo; y las funciones (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user y (10) ibase_modify_user. NOTA: el vector 6 podría ser en realidad un desbordamiento de entero (CVE-2007-1885). • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html http://osvdb.org/34706 http://osvdb.org/34707 http://osvdb.org/34708 http://osvdb.org/34709 http://osvdb.org/34710 http://osvdb.org/34711 http://osvdb.org/34712 http://osvdb.org/34713 http://osvdb.org/34714 http://osvdb.org/34715 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-0455 – gd: buffer overrun
https://notcve.org/view.php?id=CVE-2007-0455
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. Desbordamiento de búfer en la función gdImageStringFTEx en gdft.c de GD Graphics Library 2.0.33 y anteriores permite a atacantes remotos provocar una denegación de servicio (cierre de aplicación) y posiblemente ejecutar código de su elección mediante una cadena manipulada con una fuente JIS codificada. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607 http://fedoranews.org/cms/node/2631 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html http://rhn.redhat.com/errata/RHSA-2007-0155.html http://secunia.com/advisories/23916 http://secunia.com/advisories/24022 http://secunia.com/advisories/24052 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •