Vulnerabilities > PHP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-05-16 | CVE-2007-2728 | The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. | 5.0 |
| 2007-05-09 | CVE-2007-2510 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters. | 5.1 |
| 2007-04-30 | CVE-2007-2369 | Directory Traversal vulnerability in PHP Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2007-04-10 | CVE-2007-1900 | Unspecified vulnerability in PHP 5.2.0/5.2.1 CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string. | 5.0 |
| 2007-04-06 | CVE-2007-1886 | Unspecified vulnerability in PHP 4.4.5/5.2.1 Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off by one overflow." network php | 6.8 |
| 2007-04-06 | CVE-2007-1884 | Format String vulnerability in PHP Printf() Function 64bit Casting Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location. | 6.8 |
| 2007-04-06 | CVE-2007-1001 | Numeric Errors vulnerability in PHP Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values. | 6.8 |
| 2007-04-03 | CVE-2007-1835 | Unspecified vulnerability in PHP PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions. | 4.6 |
| 2007-04-02 | CVE-2007-1824 | Buffer Overflow vulnerability in PHP 5 PHP_Stream_Filter_Create() Function Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character. | 5.1 |
| 2007-03-28 | CVE-2007-1717 | Unspecified vulnerability in PHP The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. | 5.0 |