- EPSS 4.7%
- Veröffentlicht 10.09.2007 21:17:00
- Zuletzt bearbeitet 16.06.2026 22:44:47
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanie...
- EPSS 3.63%
- Veröffentlicht 10.09.2007 21:17:00
- Zuletzt bearbeitet 16.06.2026 22:44:47
The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) ...
- EPSS 2.55%
- Veröffentlicht 10.09.2007 21:17:00
- Zuletzt bearbeitet 16.06.2026 22:44:47
The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that su...
- EPSS 2.03%
- Veröffentlicht 05.09.2007 00:17:00
- Zuletzt bearbeitet 16.06.2026 22:44:33
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
CVE-2007-4657
- EPSS 2.99%
- Veröffentlicht 04.09.2007 22:17:00
- Zuletzt bearbeitet 16.06.2026 22:44:31
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn func...
CVE-2007-4658
- EPSS 2.03%
- Veröffentlicht 04.09.2007 22:17:00
- Zuletzt bearbeitet 16.06.2026 22:44:31
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
CVE-2007-4659
- EPSS 3.27%
- Veröffentlicht 04.09.2007 22:17:00
- Zuletzt bearbeitet 16.06.2026 22:44:31
The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.
CVE-2007-4660
- EPSS 2.61%
- Veröffentlicht 04.09.2007 22:17:00
- Zuletzt bearbeitet 16.06.2026 22:44:31
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation.
CVE-2007-4661
- EPSS 2.36%
- Veröffentlicht 04.09.2007 22:17:00
- Zuletzt bearbeitet 16.06.2026 22:44:31
The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting...
CVE-2007-4662
- EPSS 3.38%
- Veröffentlicht 04.09.2007 22:17:00
- Zuletzt bearbeitet 16.06.2026 22:44:32
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.