Vulnerabilities > PHP > PHP > 4.3.11
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-04-03 | CVE-2007-1835 | Unspecified vulnerability in PHP PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions. | 4.6 |
2007-04-02 | CVE-2007-1825 | Buffer Overflow vulnerability in PHP Imap_Mail_Compose() Function Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. | 7.5 |
2007-03-30 | CVE-2007-1777 | Integer Overflow vulnerability in PHP Zip_Entry_Read() Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow. | 7.5 |
2007-03-28 | CVE-2007-1718 | Unspecified vulnerability in PHP CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro. | 7.8 |
2007-03-28 | CVE-2007-1717 | Unspecified vulnerability in PHP The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. | 5.0 |
2007-03-27 | CVE-2007-1701 | Deserialization of Untrusted Data vulnerability in PHP PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:". | 6.8 |
2007-03-27 | CVE-2007-1700 | Unspecified vulnerability in PHP The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable. | 7.5 |
2007-03-21 | CVE-2007-1583 | Unspecified vulnerability in PHP The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation. network php | 6.8 |
2007-03-21 | CVE-2007-1582 | Unspecified vulnerability in PHP The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources. network php | 6.8 |
2007-03-20 | CVE-2007-1521 | Unspecified vulnerability in PHP Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation. network php | 6.8 |