Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:php:php:4.0.1:rc
There are 407 matching records.
Displaying matches 341 through 360.
Vuln ID Summary CVSS Severity
CVE-2007-1521

Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation.

Published: March 20, 2007; 4:19:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-1475

Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument.

Published: March 16, 2007; 5:19:00 PM -0400
V3.x:(not available)
V2.0: 5.4 MEDIUM
CVE-2007-1484

The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called.

Published: March 16, 2007; 5:19:00 PM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2007-1460

The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories.

Published: March 14, 2007; 2:19:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-1461

The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories.

Published: March 14, 2007; 2:19:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-1413

Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id).

Published: March 12, 2007; 7:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1411

Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions.

Published: March 10, 2007; 5:19:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-1375

Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.

Published: March 09, 2007; 7:19:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-1376

The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.

Published: March 09, 2007; 7:19:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1378

The ovrimos_longreadlen function in the Ovrimos extension for PHP before 4.4.5 allows context-dependent attackers to write to arbitrary memory locations via the result_id and length arguments.

Published: March 09, 2007; 7:19:00 PM -0500
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2007-1379

The ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code.

Published: March 09, 2007; 7:19:00 PM -0500
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2007-1380

The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.

Published: March 09, 2007; 7:19:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-1285

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

Published: March 06, 2007; 3:19:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-1286

Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.

Published: March 06, 2007; 3:19:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-0988

The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.

Published: February 20, 2007; 12:28:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-0905

PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.

Published: February 13, 2007; 6:28:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-0906

Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).

Published: February 13, 2007; 6:28:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-0907

Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.

Published: February 13, 2007; 6:28:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-0908

The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.

Published: February 13, 2007; 6:28:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-0909

Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.

Published: February 13, 2007; 6:28:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH