Total
702 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-1378 | 1 Php | 1 Php | 2023-12-10 | 5.1 MEDIUM | N/A |
The ovrimos_longreadlen function in the Ovrimos extension for PHP before 4.4.5 allows context-dependent attackers to write to arbitrary memory locations via the result_id and length arguments. | |||||
CVE-2007-1376 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | N/A |
The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource. | |||||
CVE-2007-0909 | 2 Php, Trustix | 2 Php, Secure Linux | 2023-12-10 | 7.5 HIGH | N/A |
Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function. | |||||
CVE-2007-2748 | 1 Php | 1 Php | 2023-12-10 | 4.3 MEDIUM | N/A |
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375. | |||||
CVE-2007-1461 | 1 Php | 1 Php | 2023-12-10 | 7.8 HIGH | N/A |
The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories. | |||||
CVE-2007-4659 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | N/A |
The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors. | |||||
CVE-2007-1890 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | N/A |
Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff. | |||||
CVE-2007-5128 | 2 Boesch-it, Php | 2 Simpnews, Php | 2023-12-10 | 5.0 MEDIUM | N/A |
SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows. | |||||
CVE-2007-1888 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API. | |||||
CVE-2007-1709 | 1 Php | 1 Php | 2023-12-10 | 4.3 MEDIUM | N/A |
Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string. | |||||
CVE-2007-0911 | 1 Php | 1 Php | 2023-12-10 | 7.8 HIGH | N/A |
Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash). | |||||
CVE-2007-4662 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors. | |||||
CVE-2007-1381 | 1 Php | 1 Php | 2023-12-10 | 7.6 HIGH | N/A |
The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow. | |||||
CVE-2007-3007 | 1 Php | 1 Php | 2023-12-10 | 5.0 MEDIUM | N/A |
PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function. | |||||
CVE-2007-4652 | 1 Php | 1 Php | 2023-12-10 | 4.4 MEDIUM | N/A |
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink. | |||||
CVE-2007-3998 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2023-12-10 | 5.0 MEDIUM | N/A |
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set. | |||||
CVE-2007-4887 | 1 Php | 1 Php | 2023-12-10 | 4.3 MEDIUM | N/A |
The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability. | |||||
CVE-2007-5653 | 1 Php | 1 Php | 2023-12-10 | 9.3 HIGH | N/A |
The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function. | |||||
CVE-2007-6039 | 1 Php | 1 Php | 2023-12-10 | 2.1 LOW | N/A |
PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4) dngettext or (5) ngettext function, or (6) the classname parameter to the stream_wrapper_register function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution. | |||||
CVE-2007-4010 | 1 Php | 1 Php | 2023-12-10 | 6.8 MEDIUM | N/A |
The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function. |