CVE-2007-1286

Published: 06/03/2007 Updated: 16/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 695
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Integer overflow in PHP 4.4.4 and previous versions allows remote context-dependent malicious users to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.

Vulnerable Product

php php

Vendor Advisories

Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1286: Stefan Esser discovered an overflow in the object reference handling code of the un ...

Exploits

<?php //////////////////////////////////////////////////////////////////////// // _ _ _ _ ___ _ _ ___ // // | || | __ _ _ _ __| | ___ _ _ ___ __| | ___ | _ \| || || _ \ // // | __ |/ _` || '_|/ _` |/ -_)| ' \ / -_)/ _` ||___|| _/| __ || _/ // // |_||_|\__,_||_| \__,_|\___||_||_|\_ ...

##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  include Ms ...

##
# $Id: php_unserialize_zval_cookie.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# metasploit.com/framework/
##
require 'msf/ ...

References

NVD-CWE-Other
http://www.php-security.org/MOPB/MOPB-04-2007.html
http://security.gentoo.org/glsa/glsa-200703-21.xml
http://www.securityfocus.com/bid/22765
http://www.osvdb.org/32771
http://secunia.com/advisories/24606
http://rhn.redhat.com/errata/RHSA-2007-0154.html
http://rhn.redhat.com/errata/RHSA-2007-0155.html
http://secunia.com/advisories/24910
http://secunia.com/advisories/24924
https://issues.rpath.com/browse/RPL-1268
http://rhn.redhat.com/errata/RHSA-2007-0163.html
http://secunia.com/advisories/24945
http://secunia.com/advisories/24941
http://www.debian.org/security/2007/dsa-1282
http://www.debian.org/security/2007/dsa-1283
http://secunia.com/advisories/25025
http://secunia.com/advisories/25062
http://security.gentoo.org/glsa/glsa-200705-19.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:087
http://www.mandriva.com/security/advisories?name=MDKSA-2007:088
http://www.trustix.org/errata/2007/0009/
http://secunia.com/advisories/25445
http://secunia.com/advisories/25423
http://secunia.com/advisories/24419
http://secunia.com/advisories/25850
http://www.vupen.com/english/advisories/2007/2374
http://www.vupen.com/english/advisories/2007/1991
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506
https://exchange.xforce.ibmcloud.com/vulnerabilities/32796
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11575
http://www.securityfocus.com/archive/1/466166/100/0/threaded
https://nvd.nist.gov
https://www.debian.org/security/./dsa-1283
https://www.exploit-db.com/exploits/3396/