Total
702 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-3997 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | N/A |
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE. | |||||
CVE-2007-0905 | 2 Php, Trustix | 2 Php, Secure Linux | 2023-12-10 | 7.5 HIGH | N/A |
PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383. | |||||
CVE-2007-1581 | 1 Php | 1 Php | 2023-12-10 | 9.3 HIGH | N/A |
The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 are also affected. | |||||
CVE-2007-1884 | 4 Apple, Linux, Microsoft and 1 more | 6 Mac Os X, Mac Os X Server, Linux Kernel and 3 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location. | |||||
CVE-2007-1700 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | N/A |
The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable. | |||||
CVE-2007-0907 | 2 Php, Trustix | 2 Php, Secure Linux | 2023-12-10 | 5.0 MEDIUM | N/A |
Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. | |||||
CVE-2007-3294 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | N/A |
Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf. | |||||
CVE-2007-4850 | 1 Php | 1 Php | 2023-12-10 | 5.0 MEDIUM | N/A |
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563. | |||||
CVE-2007-2510 | 1 Php | 1 Php | 2023-12-10 | 5.1 MEDIUM | N/A |
Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters. | |||||
CVE-2007-4255 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function. | |||||
CVE-2007-2727 | 1 Php | 1 Php | 2023-12-10 | 2.6 LOW | N/A |
The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys. | |||||
CVE-2007-2511 | 1 Php | 1 Php | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors. | |||||
CVE-2007-1383 | 1 Php | 1 Php | 2023-12-10 | 10.0 HIGH | N/A |
Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286. | |||||
CVE-2007-2728 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2023-12-10 | 5.0 MEDIUM | N/A |
The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. | |||||
CVE-2007-2509 | 1 Php | 1 Php | 2023-12-10 | 2.6 LOW | N/A |
CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands. | |||||
CVE-2007-4586 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | N/A |
Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iis_getservicestate function, related to the ServiceId argument to the (1) fnStartService, (2) fnGetServiceState, (3) fnStopService, and possibly other functions. | |||||
CVE-2007-1885 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | N/A |
Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows a 32 bit length counter. NOTE: this is probably the same issue as CVE-2007-0906.6. | |||||
CVE-2007-0908 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2023-12-10 | 5.0 MEDIUM | N/A |
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable. | |||||
CVE-2007-1375 | 1 Php | 1 Php | 2023-12-10 | 5.0 MEDIUM | N/A |
Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991. | |||||
CVE-2006-3011 | 1 Php | 1 Php | 2023-12-10 | 4.6 MEDIUM | N/A |
The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode. |