5 matches found
SUSE CVE-2007-1701
PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when registerglobals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling sessiondecode on a string beginning with...
PHP Session Data Deserialization Arbitrary Code Execution Vulnerability
PHP is prone to an arbitrary code execution vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescriptio...
Gentoo Security Advisory GLSA 200705-19 (php)
The remote host is missing updates announced in advisory GLSA 200705-19. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Double free
Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to 1 the GLOBALS array or 2 the session data in SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701...
CVE-2007-1701
Technical details for CVE-2007-1701 are not publicly provided in the supplied documents. The materials reference PHP-related advisories and multiple PHP issues but do not describe affected versions, root cause, impact, or remediation for this specific CVE. Monitor for updates.