| Max CVSS | 7.5 | Min CVSS | 1.2 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-4657 | 7.5 |
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn func
|
26-10-2018 - 14:05 | 04-09-2007 - 22:17 | |
| CVE-2007-3998 | 5.0 |
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certai
|
26-10-2018 - 13:59 | 04-09-2007 - 18:17 | |
| CVE-2007-3997 | 7.5 |
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
|
26-10-2018 - 13:59 | 04-09-2007 - 18:17 | |
| CVE-2005-4667 | 3.7 |
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses
|
19-10-2018 - 15:41 | 31-12-2005 - 05:00 | |
| CVE-2006-4624 | 2.6 |
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.
|
17-10-2018 - 21:38 | 07-09-2006 - 19:04 | |
| CVE-2006-4600 | 2.3 |
slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).
|
17-10-2018 - 21:38 | 07-09-2006 - 00:04 | |
| CVE-2007-3476 | 4.3 |
Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a se
|
16-10-2018 - 16:50 | 28-06-2007 - 18:30 | |
| CVE-2007-3472 | 4.3 |
Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact. An integer overflow exists in the "gdImageCreateTrueColor()" fun
|
16-10-2018 - 16:49 | 28-06-2007 - 18:30 | |
| CVE-2007-3475 | 4.3 |
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.
|
16-10-2018 - 16:49 | 28-06-2007 - 18:30 | |
| CVE-2007-3473 | 4.3 |
The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.
|
16-10-2018 - 16:49 | 28-06-2007 - 18:30 | |
| CVE-2007-4224 | 4.3 |
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
|
15-10-2018 - 21:33 | 08-08-2007 - 21:17 | |
| CVE-2007-3820 | 2.6 |
konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.
|
15-10-2018 - 21:31 | 17-07-2007 - 01:30 | |
| CVE-2007-4661 | 7.5 |
The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting
|
03-10-2018 - 21:48 | 04-09-2007 - 22:17 | |
| CVE-2007-4662 | 7.5 |
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.
|
03-10-2018 - 21:48 | 04-09-2007 - 22:17 | |
| CVE-2007-4658 | 7.5 |
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
|
03-10-2018 - 21:48 | 04-09-2007 - 22:17 | |
| CVE-2005-2475 | 1.2 |
Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.
|
11-10-2017 - 01:30 | 05-08-2005 - 04:00 | |
| CVE-2007-3806 | 6.8 |
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platform
|
29-09-2017 - 01:29 | 17-07-2007 - 00:30 | |
| CVE-2007-4663 | 7.5 |
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.
|
29-07-2017 - 01:33 | 04-09-2007 - 22:17 | |
| CVE-2007-4659 | 7.5 |
The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.
|
29-07-2017 - 01:33 | 04-09-2007 - 22:17 | |
| CVE-2007-4652 | 4.4 |
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
|
29-07-2017 - 01:33 | 04-09-2007 - 19:17 |