Vulnerabilities > PHP > PHP > 5.2.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-09-04 | CVE-2007-4660 | Resource Management Errors vulnerability in PHP Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation. | 7.5 |
2007-09-04 | CVE-2007-4659 | Unspecified vulnerability in PHP The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors. | 7.5 |
2007-09-04 | CVE-2007-4658 | Unspecified vulnerability in PHP The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability. | 7.5 |
2007-09-04 | CVE-2007-4657 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. | 7.5 |
2007-09-04 | CVE-2007-4652 | Link Following vulnerability in PHP The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink. | 4.4 |
2007-09-04 | CVE-2007-3998 | Improper Input Validation vulnerability in multiple products The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set. | 5.0 |
2007-09-04 | CVE-2007-3997 | Permissions, Privileges, and Access Controls vulnerability in PHP The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE. | 7.5 |
2007-09-04 | CVE-2007-3996 | Numeric Errors vulnerability in PHP Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function. | 6.8 |
2007-08-23 | CVE-2007-4507 | Denial-Of-Service vulnerability in PHP 5.2.3 Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions. network php | 6.8 |
2007-08-08 | CVE-2007-4255 | Buffer Overflow vulnerability in PHP 5.2.3 Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function. | 7.5 |