Max CVSS 7.5 Min CVSS 2.6 Total Count10
IDCVSSSummaryLast (major) updatePublished
CVE-2007-2756 4.3
The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng.
05-11-2012 - 22:39 18-05-2007 - 14:30
CVE-2007-2509 2.6
CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.
05-11-2012 - 22:38 08-05-2007 - 20:19
CVE-2007-3007 5.0
PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this
30-10-2012 - 22:36 04-06-2007 - 13:30
CVE-2007-2872 6.8
Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
30-10-2012 - 22:36 04-06-2007 - 13:30
CVE-2007-2511 7.2
Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors.
30-10-2012 - 22:34 08-05-2007 - 20:19
CVE-2007-2510 5.1
Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters.
30-10-2012 - 22:34 08-05-2007 - 20:19
CVE-2007-1864 7.5
Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.
30-10-2012 - 22:32 08-05-2007 - 20:19
CVE-2007-0906 7.5
Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) s
20-09-2011 - 00:00 13-02-2007 - 18:28
CVE-2007-1285 5.0
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
30-11-2010 - 01:01 06-03-2007 - 15:19
CVE-2007-1396 6.8
The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritte
05-09-2008 - 17:20 10-03-2007 - 17:19
Back to Top Mark selected
Back to Top