Max CVSS | 7.5 | Min CVSS | 4.4 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2007-3378 | 6.8 |
The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execu
|
18-09-2020 - 19:15 | 29-06-2007 - 18:30 | |
CVE-2007-4657 | 7.5 |
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn func
|
26-10-2018 - 14:05 | 04-09-2007 - 22:17 | |
CVE-2007-3998 | 5.0 |
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certai
|
26-10-2018 - 13:59 | 04-09-2007 - 18:17 | |
CVE-2007-3997 | 7.5 |
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
|
26-10-2018 - 13:59 | 04-09-2007 - 18:17 | |
CVE-2007-4662 | 7.5 |
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.
|
03-10-2018 - 21:48 | 04-09-2007 - 22:17 | |
CVE-2007-4660 | 7.5 |
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation.
|
03-10-2018 - 21:48 | 04-09-2007 - 22:17 | |
CVE-2007-4658 | 7.5 |
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
|
03-10-2018 - 21:48 | 04-09-2007 - 22:17 | |
CVE-2007-3996 | 6.8 |
Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a la
|
29-09-2017 - 01:29 | 04-09-2007 - 18:17 | |
CVE-2007-4663 | 7.5 |
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.
|
29-07-2017 - 01:33 | 04-09-2007 - 22:17 | |
CVE-2007-4659 | 7.5 |
The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.
|
29-07-2017 - 01:33 | 04-09-2007 - 22:17 | |
CVE-2007-4652 | 4.4 |
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
|
29-07-2017 - 01:33 | 04-09-2007 - 19:17 |