Max CVSS | 7.5 | Min CVSS | 4.4 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2007-1285 | 5.0 |
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
|
02-02-2024 - 14:03 | 06-03-2007 - 20:19 | |
CVE-2007-3378 | 6.8 |
The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execu
|
18-09-2020 - 19:15 | 29-06-2007 - 18:30 | |
CVE-2007-4657 | 7.5 |
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn func
|
26-10-2018 - 14:05 | 04-09-2007 - 22:17 | |
CVE-2007-3998 | 5.0 |
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certai
|
26-10-2018 - 13:59 | 04-09-2007 - 18:17 | |
CVE-2007-3997 | 7.5 |
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
|
26-10-2018 - 13:59 | 04-09-2007 - 18:17 | |
CVE-2007-4661 | 7.5 |
The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting
|
03-10-2018 - 21:48 | 04-09-2007 - 22:17 | |
CVE-2007-4662 | 7.5 |
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.
|
03-10-2018 - 21:48 | 04-09-2007 - 22:17 | |
CVE-2007-4660 | 7.5 |
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation.
|
03-10-2018 - 21:48 | 04-09-2007 - 22:17 | |
CVE-2007-4658 | 7.5 |
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
|
03-10-2018 - 21:48 | 04-09-2007 - 22:17 | |
CVE-2007-3996 | 6.8 |
Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a la
|
29-09-2017 - 01:29 | 04-09-2007 - 18:17 | |
CVE-2007-3806 | 6.8 |
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platform
|
29-09-2017 - 01:29 | 17-07-2007 - 00:30 | |
CVE-2007-4663 | 7.5 |
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.
|
29-07-2017 - 01:33 | 04-09-2007 - 22:17 | |
CVE-2007-4659 | 7.5 |
The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.
|
29-07-2017 - 01:33 | 04-09-2007 - 22:17 | |
CVE-2007-4652 | 4.4 |
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
|
29-07-2017 - 01:33 | 04-09-2007 - 19:17 |