Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2007-3806

Published: 17/07/2007 Updated: 29/09/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Php

Vulnerability Summary

The glob function in PHP 5.2.3 allows context-dependent malicious users to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.

Vulnerable Product Search on Vulmon Subscribe to Product

php php 5.2.3

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2007-3806, CVE-2007-2519 and CVE-2007-3799
Debian Bug report logs - #441433 CVE-2007-3806, CVE-2007-2519 and CVE-2007-3799 Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@listsaliothdebianorg>; Source for php5 is src:php5 (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Sun, 9 Sep 2007 19:30:02 UTC Severit ...
Debian Security Advisories: DSA-1578-1 php4 -- several vulnerabilities
Several vulnerabilities have been discovered in PHP version 4, a server-side, HTML-embedded scripting language The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3799 The session_start function allows remote attackers to insert arbitrary attributes into the session cookie via special characters ...

Exploits

Exploit DB: PHP 5.2.3 - 'glob()' Denial of Service
<?php //PHP 523 glob() Remote DoS Exploit //author: shinnai //mail: shinnai[at]autistici[dot]org //site: shinnaialtervistaorg //Tested on xp sp2, worked both from the cli (EIP overwrite) and on apache (Denial of Service) //Bug discovered with "Footzo" (thanks to rgod) //To download Footzo: //original link: godraltervistao ...

Github Repositories

https://github.com/X1pe0/Nitro-Giveaway-Game-PHP

Discord Nitro Giveaway Game in PHP

Nitro-Giveaway-Game Please read Discord Nitro Giveaway Game in PHP, this script is rather old from years ago to learn PHP so please excuse any unneeded code Can definitely be implemented better Created as a challenge to use browser cookies as a method of storing historical choices from client -> server Used on Apache2 with PHP7 recently without issues (If you wish

References

CWE-20CWE-399http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.166&r2=1.167http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?view=loghttp://www.php.net/ChangeLog-5.php#5.2.4http://www.php.net/releases/5_2_4.phphttp://www.gentoo.org/security/en/glsa/glsa-200710-02.xmlhttp://www.securityfocus.com/bid/24922http://www.securityfocus.com/bid/25498http://secunia.com/advisories/26085http://secunia.com/advisories/26642http://secunia.com/advisories/27102http://www.debian.org/security/2008/dsa-1578http://secunia.com/advisories/30288http://secunia.com/advisories/30158http://www.debian.org/security/2008/dsa-1572http://www.vupen.com/english/advisories/2007/2547http://osvdb.org/36085http://www.exploit-db.com/exploits/4181https://exchange.xforce.ibmcloud.com/vulnerabilities/35437https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441433https://nvd.nist.govhttps://github.com/X1pe0/Nitro-Giveaway-Game-PHPhttps://www.exploit-db.com/exploits/4181/https://www.debian.org/security/./dsa-1578
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook