Max CVSS | 7.8 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2007-1285 | 5.0 |
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
|
02-02-2024 - 14:03 | 06-03-2007 - 20:19 | |
CVE-2007-1864 | 7.5 |
Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.
|
22-05-2019 - 18:44 | 09-05-2007 - 00:19 | |
CVE-2007-2509 | 2.6 |
CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.
|
30-10-2018 - 16:25 | 09-05-2007 - 00:19 | |
CVE-2007-1717 | 5.0 |
The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NO
|
30-10-2018 - 16:25 | 28-03-2007 - 00:19 | |
CVE-2007-1001 | 6.8 |
Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP)
|
30-10-2018 - 16:25 | 06-04-2007 - 00:19 | |
CVE-2007-1583 | 6.8 |
The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with
|
30-10-2018 - 16:25 | 21-03-2007 - 23:19 | |
CVE-2007-1396 | 6.8 |
The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritte
|
30-10-2018 - 16:25 | 10-03-2007 - 22:19 | |
CVE-2007-1484 | 4.6 |
The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operatio
|
19-10-2018 - 18:18 | 16-03-2007 - 21:19 | |
CVE-2007-1461 | 7.8 |
The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended direct
|
13-07-2011 - 04:00 | 14-03-2007 - 18:19 | |
CVE-2007-1460 | 5.0 |
The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories.
|
24-05-2011 - 04:00 | 14-03-2007 - 18:19 | |
CVE-2007-1521 | 6.8 |
Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a
|
08-03-2011 - 02:52 | 20-03-2007 - 20:19 | |
CVE-2007-1287 | 4.3 |
A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as origina
|
08-03-2011 - 02:51 | 06-03-2007 - 20:19 |