Max CVSS 7.8 Min CVSS 2.6 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2007-1285 5.0
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
02-02-2024 - 14:03 06-03-2007 - 20:19
CVE-2007-1864 7.5
Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.
22-05-2019 - 18:44 09-05-2007 - 00:19
CVE-2007-2509 2.6
CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.
30-10-2018 - 16:25 09-05-2007 - 00:19
CVE-2007-1717 5.0
The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NO
30-10-2018 - 16:25 28-03-2007 - 00:19
CVE-2007-1001 6.8
Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP)
30-10-2018 - 16:25 06-04-2007 - 00:19
CVE-2007-1583 6.8
The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with
30-10-2018 - 16:25 21-03-2007 - 23:19
CVE-2007-1396 6.8
The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritte
30-10-2018 - 16:25 10-03-2007 - 22:19
CVE-2007-1484 4.6
The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operatio
19-10-2018 - 18:18 16-03-2007 - 21:19
CVE-2007-1461 7.8
The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended direct
13-07-2011 - 04:00 14-03-2007 - 18:19
CVE-2007-1460 5.0
The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories.
24-05-2011 - 04:00 14-03-2007 - 18:19
CVE-2007-1521 6.8
Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a
08-03-2011 - 02:52 20-03-2007 - 20:19
CVE-2007-1287 4.3
A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as origina
08-03-2011 - 02:51 06-03-2007 - 20:19
Back to Top Mark selected
Back to Top