CVE-2007-1285

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

Publication date: Wed, 07 Mar 2007 02:19:00 +0000


Cyber News related to CVE-2007-1285

CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
6 years ago
CVE-2007-4670 - Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285. ...
6 years ago
CVE-2007-1285 - The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. ...
10 months ago
CVE-2010-2168 - Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an "invalid pointer ...
6 years ago
CVE-2010-2201 - Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content involving the (1) pushstring (0x2C) operator, (2) debugfile (0xF1) operator, ...
6 years ago
CVE-2010-1285 - Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified manipulations involving the newclass (0x58) operator and an "invalid pointer vulnerability" ...
6 years ago
CVE-2019-1256 - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1285. ...
4 years ago
CVE-2019-1285 - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1256. ...
4 years ago
CVE-2013-1285 - The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, ...
4 years ago
CVE-2013-1287 - The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, ...
4 years ago
CVE-2013-1286 - The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, ...
4 years ago
CVE-2021-44028 - XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285. ...
2 years ago
CVE-2018-1285 - Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files. ...
2 years ago
CVE-2001-1285 - Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter. ...
16 years ago
CVE-2002-1285 - runlpr in the LPRng package allows the local lp user to gain root privileges via certain command line arguments. ...
16 years ago
CVE-2009-1285 - Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files. ...
15 years ago
CVE-2006-1285 - SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain ...
13 years ago
CVE-2014-1285 - Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device. ...
10 years ago
CVE-2005-1285 - Cross-site scripting (XSS) vulnerability in thread.php in WoltLab Burning Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the hilight parameter. ...
8 years ago
CVE-2003-1285 - Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query ...
7 years ago
CVE-2004-1285 - Buffer overflow in the get_header function in asf_mmst_streaming.c for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a crafted ASF video stream. ...
7 years ago
CVE-2017-1285 - IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146. ...
7 years ago
CVE-2008-1285 - Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. ...
7 years ago
CVE-2016-1285 - named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed ...
7 years ago
CVE-1999-1285 - Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed. ...
7 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)