CVE-2007-1582
Public Exploits 1
ExploitDB · 1 EDB-3525 [local]
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2007-1582
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
PHP GD扩展访问已释放资源漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP GD资源使用的机制上存在漏洞,本地攻击者可能利用此漏洞提升自己的权限。 如果PHP函数需要追踪数据结构的话,会使用Zend引擎注册资源。资源系统有引用计数器,但这些计数器只追踪指向实际资源的PHP变量,没有计数器计算有多少函数正在使用内部资源。由于这种设计导致PHP代码中存在一个bug。如果用户代码能够在通过资源标识符获得资源数据后中断PHP函数的话,就可以释放资源,在已释放资源相同的内存位置分配相同大小的PHP字符串
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2007-1582
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2007-1582
请登录查看更多情报信息。
Vendor Advisories for CVE-2007-1582 (2)
Exploits & Public PoCs for CVE-2007-1582 (1)
Other References for CVE-2007-1582 (1)
- http://www.php-security.org/MOPB/MOPB-27-2007.htmlx_refsource_MISC
Same Patch Batch · n/a · 2007-03-21 · 44 CVEs total
| CVE-2007-1578 | Atrium Mercur IMapD NTLM 栈缓冲区溢出漏洞 | |
| CVE-2007-1581 | PHP资源系统任意代码执行漏洞 | |
| CVE-2007-1580 | FTPDMIN Windows 驱动器号列表指令 远程拒绝服务漏洞 | |
| CVE-2007-1583 | Apple Mac OS X中PHP mb_parse_str function攻击漏洞 | |
| CVE-2007-1586 | Zyxel Router Zynos SMB 数据处理 拒绝服务漏洞 | |
| CVE-2007-1587 | Tim Soderstrom StatsDawg mail.tpl 任意程序运行漏洞 | |
| CVE-2007-1588 | MyServe server.cpp 权限许可和访问控制漏洞 | |
| CVE-2007-1589 | TrueCrypt卸载Set-EUID本地拒绝服务漏洞 | |
| CVE-2007-1590 | Grandstream BudgeTone 200 IP电话 拒绝服务攻击漏洞 | |
| CVE-2007-1585 | Linksys WAG200G DSL路由器/网关远程信息泄露漏洞 | |
| CVE-2007-1579 | Atrium Mercur IMAP SUBSCRIBE请求远程栈溢出漏洞 | |
| CVE-2007-1577 | GeBlog index.php 目录遍历漏洞 | |
| CVE-2003-1322 | Atrium Software Mercur Mailserver IMAP远程缓冲区溢出漏洞 | |
| CVE-2007-1002 | Gnome Evolution远程格式串处理漏洞 | |
| CVE-2007-0654 | XMMS皮肤文件整数溢出漏洞 | |
| CVE-2007-0653 | XMMS皮肤文件整数溢出漏洞 | |
| CVE-2007-1576 | PHProjekt 多个跨站脚本攻击漏洞 | |
| CVE-2007-1575 | PHProjekt 多个SQL注入漏洞 | |
| CVE-2007-1574 | CARE2X phpinfo.php直接请求 信息泄露漏洞 | |
| CVE-2007-1573 | Jelsoft Vbulletin admincp/attachment.php SQL注入漏洞 |
Showing top 20 of 44 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2007-1582
No comments yet