Vulnerabilities > PHP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-09-14 | CVE-2007-4887 | Improper Input Validation vulnerability in PHP The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. | 4.3 |
| 2007-09-12 | CVE-2007-4840 | Improper Input Validation vulnerability in PHP PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. | 5.0 |
| 2007-09-10 | CVE-2007-4784 | Improper Input Validation vulnerability in PHP The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. | 5.0 |
| 2007-09-10 | CVE-2007-4783 | Improper Input Validation vulnerability in PHP The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. | 5.0 |
| 2007-09-10 | CVE-2007-4782 | Code Injection vulnerability in PHP PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. | 5.0 |
| 2007-09-05 | CVE-2007-4670 | Unspecified vulnerability in PHP Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285. | 5.0 |
| 2007-09-04 | CVE-2007-4652 | Link Following vulnerability in PHP The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink. | 4.4 |
| 2007-09-04 | CVE-2007-3998 | Improper Input Validation vulnerability in multiple products The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set. | 5.0 |
| 2007-09-04 | CVE-2007-3996 | Numeric Errors vulnerability in PHP Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function. | 6.8 |
| 2007-08-25 | CVE-2007-4528 | Remote Security vulnerability in PHP 5.0.5 The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function. network php | 4.3 |