Vulnerabilities > PHP > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-08-23 | CVE-2007-4507 | Denial-Of-Service vulnerability in PHP 5.2.3 Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions. network php | 6.8 |
2007-08-21 | CVE-2007-4441 | Local Buffer Overflow vulnerability in PHP Win32std Extension Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function. | 4.6 |
2007-07-26 | CVE-2007-4010 | Unspecified vulnerability in PHP 5.2.3 The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function. network php | 6.8 |
2007-07-17 | CVE-2007-3806 | Improper Input Validation vulnerability in PHP 5.2.3 The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure. | 6.8 |
2007-07-16 | CVE-2007-3799 | Improper Input Validation vulnerability in PHP The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207. | 4.3 |
2007-07-15 | CVE-2007-3790 | Denial-Of-Service vulnerability in PHP 5.2.3 The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument. network php | 5.8 |
2007-06-29 | CVE-2007-3378 | Permissions, Privileges, and Access Controls vulnerability in PHP The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess. | 6.8 |
2007-06-13 | CVE-2007-3205 | Remote Security vulnerability in Hardened-Php The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. | 5.0 |
2007-06-04 | CVE-2007-3007 | Permissions, Privileges, and Access Controls vulnerability in PHP PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. | 5.0 |
2007-05-17 | CVE-2007-2748 | Information Exposure vulnerability in PHP The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375. | 4.3 |