| Max CVSS | 6.9 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-5900 | 6.9 |
PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.
|
15-10-2018 - 21:47 | 20-11-2007 - 18:46 | |
| CVE-2007-5899 | 4.3 |
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as
|
15-10-2018 - 21:46 | 20-11-2007 - 19:46 | |
| CVE-2007-5898 | 6.4 |
The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.
|
15-10-2018 - 21:46 | 20-11-2007 - 18:46 | |
| CVE-2007-4840 | 5.0 |
PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode
|
15-10-2018 - 21:38 | 12-09-2007 - 20:17 | |
| CVE-2007-4887 | 4.3 |
The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerabilit
|
15-10-2018 - 21:38 | 14-09-2007 - 00:17 | |
| CVE-2007-4783 | 5.0 |
The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2)
|
15-10-2018 - 21:38 | 10-09-2007 - 21:17 |