Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-04-06 | CVE-2007-1890 | Integer Overflow vulnerability in PHP Msg_Receive() Memory Allocation Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff. | 7.5 |
2007-04-06 | CVE-2007-1889 | Buffer Overflow vulnerability in PHP 5.2.0 Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msg_receive with the largest positive integer value of maxsize. | 7.5 |
2007-04-06 | CVE-2007-1888 | Unspecified vulnerability in PHP Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. | 7.5 |
2007-04-06 | CVE-2007-1887 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character. | 7.5 |
2007-04-06 | CVE-2007-1886 | Unspecified vulnerability in PHP 4.4.5/5.2.1 Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off by one overflow." network php | 6.8 |
2007-04-06 | CVE-2007-1885 | Integer Overflow vulnerability in PHP Str_Replace() Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows a 32 bit length counter. | 7.5 |
2007-04-06 | CVE-2007-1884 | Format String vulnerability in PHP Printf() Function 64bit Casting Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location. | 6.8 |
2007-04-06 | CVE-2007-1883 | Denial-Of-Service vulnerability in PHP PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via the iptcembed function, which calls certain convert_to_* functions with its input parameters. | 7.8 |
2007-04-06 | CVE-2007-1882 | SQL-Injection vulnerability in HP Mercury Quality Center 9.0 qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method. | 6.5 |
2007-04-06 | CVE-2007-1684 | Unspecified vulnerability in Solidworks Sldimdownload Activex Control 16.0.0.5 The Run function in SolidWorks sldimdownload ActiveX control in sldimdownload.dll before 16.0.0.6 allows remote attackers to execute arbitrary commands via the (1) installerpath and (2) applicationarguments arguments. | 9.3 |