
CVSS: 2.1 | EPSS: 0% | CPEs: 30 | EXPL: 0

Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename.

References:
• http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0209.html
• http://cvs.php.net/viewcvs.cgi/php-src/NEWS?view=markup&rev=1.1247.2.920.2.134
• http://secunia.com/advisories/21125
• http://securityreason.com/securityalert/1069
• http://securitytracker.com/id?1016271
• http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
• http://www.securityfocus.com/archive/1/436785/100/0/threaded
• http://www.ubuntu.com/usn/usn-320-1
• https://exchange.xforce.ibmcloud.com/vulnerabilities

CVSS: 2.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.

References:
• http://secunia.com/advisories/20337
• http://secunia.com/advisories/21050
• http://secunia.com/advisories/21847
• http://secunia.com/advisories/22039
• http://securityreason.com/achievement_securityalert/39
• http://securityreason.com/securityalert/959
• http://securitytracker.com/id?1016175
• http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
• http://www.novell.com/linux/security/advisories/2006_22_sr.html
• http://www.novell.com/linux/security/advisories/2006_52_php.html
• http://www.se

CVSS: 5.0 | EPSS: 3% | CPEs: 2 | EXPL: 1

Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396.

References:
• ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
• http://docs.info.apple.com/article.html?artnum=304829
• http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
• http://rhn.redhat.com/errata/RHSA-2006-0549.html
• http://secunia.com/advisories/19803
• http://secunia.com/advisories/20052
• http://secunia.com/advisories/20222
• http://secunia.com/advisories/20269
• http://secunia.com/advisories/20676
• http://secunia.com/advisories/21031
• http://secunia.c

CVSS: 6.4 | EPSS: 3% | CPEs: 1 | EXPL: 1

The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument.

References:
• http://secunia.com/advisories/20052
• http://secunia.com/advisories/20269
• http://secunia.com/advisories/20676
• http://secunia.com/advisories/21125
• http://security.gentoo.org/glsa/glsa-200605-08.xml
• http://securitytracker.com/id?1015979
• http://www.infigo.hr/en/in_focus/advisories/INFIGO-2006-04-02
• http://www.mandriva.com/security/advisories?name=MDKSA-2006:091
• http://www.novell.com/linux/security/advisories/2006_31_php.html
• http://www.ubuntu.com/usn/usn-320-1

CWE-399: Resource Management Errors

CVSS: 2.1 | EPSS: 0% | CPEs: 2 | EXPL: 5

PHP 4.4.2 and 5.1.2 allow local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected.

References:
• https://www.exploit-db.com/exploits/29693
• http://securityreason.com/achievement_securityalert/35
• http://securityreason.com/securityalert/2312
• http://securityreason.com/securityalert/676
• http://securitytracker.com/id?1015880
• http://www.osvdb.org/24485
• http://www.php-security.org/MOPB/MOPB-02-2007.html
• http://www.securityfocus.com/archive/1/430453/100/0/threaded
• http://www.securityfocus.com/archive/1/430598/100/0/threaded
• http://www.securityfocus.com/archive/1/430742/100/0/thread

CWE-399: Resource Management Errors