Vulnerabilities > PHP > PHP > 5.2.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-14 | CVE-2007-1461 | Permissions, Privileges, and Access Controls vulnerability in PHP The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories. | 7.8 |
2007-03-14 | CVE-2007-1460 | Permissions, Privileges, and Access Controls vulnerability in PHP The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories. | 5.0 |
2007-03-12 | CVE-2007-1413 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id). | 7.5 |
2007-03-10 | CVE-2007-1399 | Stack Buffer Overflow vulnerability in PHP Zip URL Wrapper Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback. | 10.0 |
2007-03-10 | CVE-2007-1396 | Unspecified vulnerability in PHP The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address and Referer data, and have other unspecified impact. network php | 6.8 |
2007-03-10 | CVE-2007-1375 | Integer Overflow vulnerability in PHP 5 Substr_Compare Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991. | 5.0 |
2007-03-06 | CVE-2007-1285 | Uncontrolled Recursion vulnerability in multiple products The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. | 7.5 |
2007-02-13 | CVE-2007-0911 | Remote Denial of Service vulnerability in PHP 5.2.1 Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash). | 7.8 |