Vulnerabilities > PHP > PHP > 4.4.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-28 | CVE-2007-1717 | Unspecified vulnerability in PHP The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. | 5.0 |
2007-03-27 | CVE-2007-1710 | Security Bypass vulnerability in PHP 4.4.4/5.1.6/5.2.1 The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a "php://../../" sequence. | 4.3 |
2007-03-27 | CVE-2007-1701 | Deserialization of Untrusted Data vulnerability in PHP PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:". | 6.8 |
2007-03-27 | CVE-2007-1700 | Unspecified vulnerability in PHP The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable. | 7.5 |
2007-03-21 | CVE-2007-1583 | Unspecified vulnerability in PHP The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation. network php | 6.8 |
2007-03-21 | CVE-2007-1582 | Unspecified vulnerability in PHP The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources. network php | 6.8 |
2007-03-20 | CVE-2007-1521 | Unspecified vulnerability in PHP Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation. network php | 6.8 |
2007-03-16 | CVE-2007-1484 | Unspecified vulnerability in PHP The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called. | 4.6 |
2007-03-16 | CVE-2007-1475 | Remote Buffer Overflow vulnerability in PHP Interbase Extension Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument. | 5.4 |
2007-03-14 | CVE-2007-1461 | Permissions, Privileges, and Access Controls vulnerability in PHP The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories. | 7.8 |