Vulnerabilities > PHP > PHP > 4.3.11
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-09-10 | CVE-2007-4783 | Improper Input Validation vulnerability in PHP The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. | 5.0 |
2007-09-10 | CVE-2007-4782 | Code Injection vulnerability in PHP PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. | 5.0 |
2007-09-05 | CVE-2007-4670 | Unspecified vulnerability in PHP Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285. | 5.0 |
2007-09-04 | CVE-2007-4663 | Path Traversal vulnerability in PHP Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function. | 7.5 |
2007-09-04 | CVE-2007-4662 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors. | 7.5 |
2007-09-04 | CVE-2007-4660 | Resource Management Errors vulnerability in PHP Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation. | 7.5 |
2007-09-04 | CVE-2007-4659 | Unspecified vulnerability in PHP The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors. | 7.5 |
2007-09-04 | CVE-2007-4658 | Unspecified vulnerability in PHP The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability. | 7.5 |
2007-09-04 | CVE-2007-4657 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. | 7.5 |
2007-09-04 | CVE-2007-4652 | Link Following vulnerability in PHP The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink. | 4.4 |