CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

PHP » PHP : Security Vulnerabilities Published In 2007

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2006-7204 2007-05-22 2008-09-05
2.1
None Local Low Not required Partial None None
The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents.
2 CVE-2007-0448 Bypass 2007-05-24 2008-09-11
10.0
None Remote Low Not required Complete Complete Complete
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.
3 CVE-2007-0905 Bypass 2007-02-13 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.
4 CVE-2007-0906 119 DoS Exec Code Overflow 2007-02-13 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).
5 CVE-2007-0907 DoS 2007-02-13 2018-10-30
5.0
None Remote Low Not required None None Partial
Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.
6 CVE-2007-0908 20 2007-02-13 2018-10-30
5.0
None Remote Low Not required Partial None None
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.
7 CVE-2007-0909 Exec Code 2007-02-13 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.
8 CVE-2007-0910 2007-02-13 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.
9 CVE-2007-0911 DoS 2007-02-13 2018-10-16
7.8
None Remote Low Not required None None Complete
Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).
10 CVE-2007-0988 119 DoS Overflow 2007-02-20 2019-10-09
4.3
None Remote Medium Not required None None Partial
The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.
11 CVE-2007-1001 189 Exec Code Overflow 2007-04-06 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.
12 CVE-2007-1285 119 DoS Overflow 2007-03-06 2018-10-30
5.0
None Remote Low Not required None None Partial
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
13 CVE-2007-1286 Exec Code Overflow 2007-03-06 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.
14 CVE-2007-1287 XSS 2007-03-06 2011-03-08
4.3
None Remote Medium Not required None Partial None
A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.
15 CVE-2007-1375 Overflow 2007-03-10 2017-10-11
5.0
None Remote Low Not required Partial None None
Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.
16 CVE-2007-1376 2007-03-10 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.
17 CVE-2007-1378 2007-03-10 2018-10-30
5.1
None Remote High Not required Partial Partial Partial
The ovrimos_longreadlen function in the Ovrimos extension for PHP before 4.4.5 allows context-dependent attackers to write to arbitrary memory locations via the result_id and length arguments.
18 CVE-2007-1379 Exec Code 2007-03-10 2018-10-30
5.1
None Remote High Not required Partial Partial Partial
The ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code.
19 CVE-2007-1380 +Info 2007-03-10 2018-10-30
5.0
None Remote Low Not required Partial None None
The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.
20 CVE-2007-1381 119 Exec Code Overflow 2007-03-10 2008-09-05
7.6
None Remote High Not required Complete Complete Complete
The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow.
21 CVE-2007-1383 189 Exec Code Overflow 2007-03-10 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286.
22 CVE-2007-1396 2007-03-10 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address and Referer data, and have other unspecified impact. NOTE: it could be argued that this is a design limitation of PHP and that only the misuse of this feature, i.e. implementation bugs in applications, should be included in CVE. However, it has been fixed by the vendor.
23 CVE-2007-1399 Exec Code Overflow 2007-03-10 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.
24 CVE-2007-1401 Overflow +Priv 2007-03-10 2018-10-16
6.9
None Local Medium Not required Complete Complete Complete
Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function.
25 CVE-2007-1411 Exec Code Overflow 2007-03-10 2018-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions.
26 CVE-2007-1412 +Info 2007-03-12 2017-10-11
7.8
None Remote Low Not required Complete None None
The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument.
27 CVE-2007-1413 119 Exec Code Overflow 2007-03-12 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id).
28 CVE-2007-1452 Bypass 2007-03-14 2008-09-05
5.0
None Remote Low Not required None Partial None
The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.
29 CVE-2007-1453 Exec Code 2007-03-14 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer.
30 CVE-2007-1454 XSS 2007-03-14 2008-09-05
4.3
None Remote Medium Not required None Partial None
ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b.
31 CVE-2007-1460 264 2007-03-14 2011-05-24
5.0
None Remote Low Not required Partial None None
The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories.
32 CVE-2007-1461 264 2007-03-14 2011-07-13
7.8
None Remote Low Not required Complete None None
The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories.
33 CVE-2007-1475 Exec Code Overflow 2007-03-16 2018-10-19
5.4
None Local Network Medium Not required Partial Partial Partial
Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument.
34 CVE-2007-1484 Exec Code Mem. Corr. Bypass 2007-03-16 2018-10-19
4.6
None Local Low Not required Partial Partial Partial
The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called.
35 CVE-2007-1521 Exec Code 2007-03-20 2011-03-08
6.8
None Remote Medium Not required Partial Partial Partial
Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation.
36 CVE-2007-1522 Exec Code 2007-03-20 2011-03-08
6.8
None Remote Medium Not required Partial Partial Partial
Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors.
37 CVE-2007-1581 94 Exec Code 2007-03-21 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 are also affected.
38 CVE-2007-1582 Exec Code 2007-03-21 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources.
39 CVE-2007-1583 2007-03-21 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.
40 CVE-2007-1584 Exec Code Bypass 2007-03-21 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string.
41 CVE-2007-1649 2007-03-24 2017-07-29
7.8
None Remote Low Not required Complete None None
PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed.
42 CVE-2007-1700 Exec Code 2007-03-27 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable.
43 CVE-2007-1701 502 Exec Code 2007-03-27 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:".
44 CVE-2007-1709 119 Exec Code Overflow 2007-03-27 2018-10-16
4.3
None Local Low ??? Partial Partial Partial
Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string.
45 CVE-2007-1710 Bypass 2007-03-27 2017-10-11
4.3
None Local Low ??? Partial Partial Partial
The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a "php://../../" sequence.
46 CVE-2007-1711 Exec Code 2007-03-27 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701 (MOPB-31-2007).
47 CVE-2007-1717 2007-03-28 2018-10-30
5.0
None Remote Low Not required None Partial None
The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases when the trailing contents of e-mail messages are important, such as logging information or if the message is expected to be well-formed.
48 CVE-2007-1718 2007-03-28 2018-10-30
7.8
None Remote Low Not required None Complete None
CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.
49 CVE-2007-1777 Exec Code Overflow 2007-03-30 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow.
50 CVE-2007-1824 DoS Overflow 2007-04-02 2017-07-29
5.1
None Remote High Not required Partial Partial Partial
Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character.
Total number of vulnerabilities : 113   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.