| Max CVSS | 10.0 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-0908 | 5.0 |
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element
|
30-10-2018 - 16:26 | 13-02-2007 - 23:28 | |
| CVE-2007-0909 | 7.5 |
Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.
|
30-10-2018 - 16:25 | 13-02-2007 - 23:28 | |
| CVE-2007-0906 | 7.5 |
Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) s
|
30-10-2018 - 16:25 | 13-02-2007 - 23:28 | |
| CVE-2007-0910 | 10.0 |
Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.
|
30-10-2018 - 16:25 | 13-02-2007 - 23:28 | |
| CVE-2007-0907 | 5.0 |
Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.
|
30-10-2018 - 16:25 | 13-02-2007 - 23:28 | |
| CVE-2007-0905 | 7.5 |
PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.
|
30-10-2018 - 16:25 | 13-02-2007 - 23:28 |