CVE-2007-2511
- EPSS 0.44%
- Veröffentlicht 09.05.2007 00:19:00
- Zuletzt bearbeitet 16.06.2026 22:39:45
Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors.
- EPSS 8.43%
- Veröffentlicht 30.04.2007 23:19:00
- Zuletzt bearbeitet 16.06.2026 22:39:27
Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
- EPSS 2.26%
- Veröffentlicht 10.04.2007 18:19:00
- Zuletzt bearbeitet 16.06.2026 22:38:31
CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression...
CVE-2007-1883
- EPSS 1.34%
- Veröffentlicht 06.04.2007 01:19:00
- Zuletzt bearbeitet 16.06.2026 22:38:29
PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via t...
CVE-2007-1884
- EPSS 3.14%
- Veröffentlicht 06.04.2007 01:19:00
- Zuletzt bearbeitet 16.06.2026 22:38:29
Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the p...
CVE-2007-1885
- EPSS 4.25%
- Veröffentlicht 06.04.2007 01:19:00
- Zuletzt bearbeitet 16.06.2026 22:38:30
Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows...
CVE-2007-1886
- EPSS 1.69%
- Veröffentlicht 06.04.2007 01:19:00
- Zuletzt bearbeitet 16.06.2026 22:38:30
Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off ...
CVE-2007-1887
- EPSS 4.75%
- Veröffentlicht 06.04.2007 01:19:00
- Zuletzt bearbeitet 16.06.2026 22:38:30
Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by ca...
CVE-2007-1888
- EPSS 3.49%
- Veröffentlicht 06.04.2007 01:19:00
- Zuletzt bearbeitet 16.06.2026 22:38:30
Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some ...
CVE-2007-1889
- EPSS 3.09%
- Veröffentlicht 06.04.2007 01:19:00
- Zuletzt bearbeitet 16.06.2026 22:38:30
Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP ...