Show filters
70 Total Results
Displaying 51-60 of 70
Sort by:
Attacker Value
Unknown
CVE-2007-1379
Disclosure Date: March 10, 2007 (last updated October 04, 2023)
The ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code.
0
Attacker Value
Unknown
CVE-2007-0909
Disclosure Date: February 13, 2007 (last updated October 04, 2023)
Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.
0
Attacker Value
Unknown
CVE-2007-0906
Disclosure Date: February 13, 2007 (last updated October 04, 2023)
Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).
0
Attacker Value
Unknown
CVE-2007-0907
Disclosure Date: February 13, 2007 (last updated October 04, 2023)
Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.
0
Attacker Value
Unknown
CVE-2007-0910
Disclosure Date: February 13, 2007 (last updated October 04, 2023)
Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.
0
Attacker Value
Unknown
CVE-2007-0905
Disclosure Date: February 13, 2007 (last updated October 04, 2023)
PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.
0
Attacker Value
Unknown
CVE-2006-3011
Disclosure Date: June 26, 2006 (last updated October 04, 2023)
The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.
0
Attacker Value
Unknown
CVE-2006-3017
Disclosure Date: June 14, 2006 (last updated October 04, 2023)
zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations.
0
Attacker Value
Unknown
CVE-2006-1490
Disclosure Date: March 29, 2006 (last updated February 22, 2025)
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.
0
Attacker Value
Unknown
CVE-2006-1017
Disclosure Date: March 07, 2006 (last updated February 22, 2025)
The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions.
0