Max CVSS 10.0 Min CVSS 2.6 Total Count27
IDCVSSSummaryLast (major) updatePublished
CVE-2007-0911 7.8
Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).
17-10-2016 - 23:43 13-02-2007 - 18:28
CVE-2007-1718 7.8
CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of
13-08-2013 - 12:00 27-03-2007 - 20:19
CVE-2007-1710 4.3
The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a
03-08-2013 - 02:17 26-03-2007 - 21:19
CVE-2007-2727 2.6
The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), whi
05-11-2012 - 22:39 16-05-2007 - 18:30
CVE-2007-2509 2.6
CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.
05-11-2012 - 22:38 08-05-2007 - 20:19
CVE-2007-1883 7.8
PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via t
05-11-2012 - 22:36 05-04-2007 - 21:19
CVE-2007-1717 5.0
The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NO
05-11-2012 - 00:00 27-03-2007 - 20:19
CVE-2007-2748 4.3
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.
30-10-2012 - 22:36 17-05-2007 - 16:30
CVE-2007-2511 7.2
Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors.
30-10-2012 - 22:34 08-05-2007 - 20:19
CVE-2007-2510 5.1
Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters.
30-10-2012 - 22:34 08-05-2007 - 20:19
CVE-2007-1864 7.5
Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.
30-10-2012 - 22:32 08-05-2007 - 20:19
CVE-2007-1001 6.8
Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP)
08-09-2011 - 00:00 05-04-2007 - 20:19
CVE-2007-1461 7.8
The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended direct
13-07-2011 - 00:00 14-03-2007 - 14:19
CVE-2007-1460 5.0
The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories.
24-05-2011 - 00:00 14-03-2007 - 14:19
CVE-2007-3998 5.0
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certai
07-03-2011 - 21:57 04-09-2007 - 14:17
CVE-2007-1583 6.8
The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with
07-03-2011 - 21:52 21-03-2007 - 19:19
CVE-2007-1522 6.8
Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which call
07-03-2011 - 21:52 20-03-2007 - 16:19
CVE-2007-1521 6.8
Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a
07-03-2011 - 21:52 20-03-2007 - 16:19
CVE-2007-1484 4.6
The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operatio
07-03-2011 - 21:52 16-03-2007 - 17:19
CVE-2007-1399 10.0
Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from
07-03-2011 - 21:52 10-03-2007 - 17:19
CVE-2007-0455 7.5
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded
07-03-2011 - 21:49 30-01-2007 - 12:28
CVE-2007-1285 5.0
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
30-11-2010 - 01:01 06-03-2007 - 15:19
CVE-2007-4670 5.0
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
21-08-2010 - 01:10 04-09-2007 - 20:17
CVE-2007-1709 4.3
Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string.
05-09-2008 - 17:21 26-03-2007 - 21:19
CVE-2007-1582 6.8
The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error
05-09-2008 - 17:20 21-03-2007 - 19:19
CVE-2007-1396 6.8
The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritte
05-09-2008 - 17:20 10-03-2007 - 17:19
CVE-2007-1375 5.0
Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.
05-09-2008 - 17:20 09-03-2007 - 19:19
Back to Top Mark selected
Back to Top