CVSS: 6.8EPSS: 5%CPEs: 1EXPL: 2CVE-2007-4010 – PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass
https://notcve.org/view.php?id=CVE-2007-4010
The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function. La extensión win32std en el PHP 5.2.3 no sigue las restricciones del safe_mode y el disable_functions, lo que permite a atacantes remotos ejecutar comandos de su elección a través de la función win_shell_execute. • https://www.exploit-db.com/exploits/4218 http://www.securityfocus.com/bid/25041 https://exchange.xforce.ibmcloud.com/vulnerabilities/35604 •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 2CVE-2007-3806 – PHP 5.2.3 - 'glob()' Denial of Service
https://notcve.org/view.php?id=CVE-2007-3806
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure. La función glob en PHP versión 5.2.3, permite a atacantes dependiendo del contexto causar una denegación de servicio y posiblemente ejecutar código arbitrario por medio de un valor no válido del parámetro flags, probablemente relacionado con la corrupción de memoria o una lectura no válida en plataformas win32, y posiblemente relacionado con la falta de inicialización para una estructura glob. • https://www.exploit-db.com/exploits/4181 http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.166&r2=1.167 http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?view=log http://osvdb.org/36085 http://secunia.com/advisories/26085 http://secunia.com/advisories/26642 http://secunia.com/advisories/27102 http://secunia.com/advisories/30158 http://secunia.com/advisories/30288 http://www.debian.org/security/2008/dsa-1572 http://www.debian. • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 38%CPEs: 69EXPL: 1CVE-2007-3799 – PHP 5.2.3 - EXT/Session HTTP Response Header Injection
https://notcve.org/view.php?id=CVE-2007-3799
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207. Una función session_start en ext/session en PHP versiones 4.x hasta 4.4.7 y versiones 5.x hasta 5.2.3, permite a atacantes remotos insertar atributos arbitrarios en la cookie de sesión por medio de caracteres especiales en una cookie que es obtenida de (1) PATH_INFO, (2) la función session_id, y (3) la función session_start, que no están codificadas o filtradas cuando es generado la nueva cookie de sesión, lo que constituye un problema relacionado con CVE-2006-0207. • https://www.exploit-db.com/exploits/30130 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://osvdb.org/36855 http://rhn.redhat.com/errata/RHSA-2007-0889.html http://secunia.com/advisories/26871 http://secunia.com/advisories/26895 http://secunia.com/advisories/26930 http://secunia.com/advisories/26967 http://secunia.com/advisories/27351 http://secunia.com/advisories/27377 http://secunia&# • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-3790 – PHP 5.2.3 - 'bz2 com_print_typeinfo()' Denial of Service
https://notcve.org/view.php?id=CVE-2007-3790
The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument. La función com_print_typeinfo en la extensión bz2 en PHP 5.2.3 permite a atacantes locales o remotos dependientes del contexto provocar una denegación de servicio mediante un argumento largo. • https://www.exploit-db.com/exploits/4175 http://osvdb.org/36854 •
CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 3CVE-2007-3378
https://notcve.org/view.php?id=CVE-2007-3378
The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess. Las funciones (1) session_save_path, (2) ini_set y (3) error_log en PHP versión 4.4.7 y versiones anteriores, y PHP versión 5 5.2.3 y versiones anteriores, cuando se invocan desde un archivo .htaccess, permiten a los atacantes remotos omitir las restricciones safe_mode y open_basedir y posiblemente ejecutar comandos arbitrarios, como se ha demostrado utilizando (a) php_value, (b) php_flag y (c) las directivas en .htaccess. • http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://seclists.org/fulldisclosure/2020/Sep/34 http://secunia.com/advisories/26642 http://secunia.com/advisories/26822 http://secunia.com/advisories/26838 http://secunia.com/advisories/27102 http://secunia.com/advisories/27377 http://secunia.com/advisories/27648 http://secunia. • CWE-264: Permissions, Privileges, and Access Controls •