Max CVSS 10.0 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2007-1884 6.8
Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the p
30-10-2018 - 16:25 06-04-2007 - 01:19
CVE-2007-1890 7.5
Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff
30-10-2018 - 16:25 06-04-2007 - 01:19
CVE-2007-1835 4.6
PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions.
30-10-2018 - 16:25 03-04-2007 - 00:19
CVE-2007-1883 7.8
PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via t
30-10-2018 - 16:25 06-04-2007 - 01:19
CVE-2007-1700 7.5
The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbit
30-10-2018 - 16:25 27-03-2007 - 01:19
CVE-2007-1582 6.8
The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error
30-10-2018 - 16:25 21-03-2007 - 23:19
CVE-2007-1581 9.3
The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify in
30-10-2018 - 16:25 21-03-2007 - 23:19
CVE-2007-1376 7.5
The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associ
30-10-2018 - 16:25 10-03-2007 - 00:19
CVE-2007-1484 4.6
The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operatio
19-10-2018 - 18:18 16-03-2007 - 21:19
CVE-2006-1549 2.1
PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected. Upgrade to PHP 5.1.3-RC3
18-10-2018 - 16:33 10-04-2006 - 22:58
CVE-2007-1824 5.1
Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character.
29-07-2017 - 01:31 02-04-2007 - 23:19
CVE-2007-1461 7.8
The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended direct
13-07-2011 - 04:00 14-03-2007 - 18:19
CVE-2007-1522 6.8
Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which call
08-03-2011 - 02:52 20-03-2007 - 20:19
CVE-2007-1521 6.8
Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a
08-03-2011 - 02:52 20-03-2007 - 20:19
CVE-2007-1383 10.0
Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286.
05-09-2008 - 04:00 10-03-2007 - 00:19
Back to Top Mark selected
Back to Top