The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function.
CVSS Score
9.3
EPSS Score
0.03
Published
2007-10-23
ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function.
CVSS Score
4.3
EPSS Score
0.034
Published
2007-10-14
The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled.
CVSS Score
7.5
EPSS Score
0.003
Published
2007-10-12
SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows.
CVSS Score
5.0
EPSS Score
0.003
Published
2007-09-27
The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.
CVSS Score
6.8
EPSS Score
0.006
Published
2007-09-14
The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.
CVSS Score
4.3
EPSS Score
0.02
Published
2007-09-14
PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
CVSS Score
5.0
EPSS Score
0.016
Published
2007-09-12
Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.
CVSS Score
7.5
EPSS Score
0.003
Published
2007-09-12
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
CVSS Score
5.0
EPSS Score
0.033
Published
2007-09-10
The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
CVSS Score
5.0
EPSS Score
0.016
Published
2007-09-10