Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-pfc1-97fv-gugu
Summary
PHP contains several vulnerabilities including a heap buffer overflow, potentially leading to the remote execution of arbitrary code under certain conditions.
Aliases
0
alias CVE-2007-1286
Fixed_packages
0
url pkg:ebuild/dev-lang/php@5.2.1-r3
purl pkg:ebuild/dev-lang/php@5.2.1-r3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@5.2.1-r3
1
url pkg:ebuild/dev-lang/php@5.2.2
purl pkg:ebuild/dev-lang/php@5.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@5.2.2
Affected_packages
0
url pkg:rpm/redhat/php@4.1.2-2?arch=17
purl pkg:rpm/redhat/php@4.1.2-2?arch=17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dyru-p94k-w7gp
1
vulnerability VCID-pfc1-97fv-gugu
2
vulnerability VCID-u2gv-h542-9bbt
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@4.1.2-2%3Farch=17
1
url pkg:rpm/redhat/php@4.3.2-40?arch=ent
purl pkg:rpm/redhat/php@4.3.2-40?arch=ent
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49jr-gtjs-1ba9
1
vulnerability VCID-4dt6-x8pa-yfh3
2
vulnerability VCID-96m2-stv4-j7bj
3
vulnerability VCID-busj-qfth-v7e3
4
vulnerability VCID-dyru-p94k-w7gp
5
vulnerability VCID-pfc1-97fv-gugu
6
vulnerability VCID-u2gv-h542-9bbt
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@4.3.2-40%3Farch=ent
2
url pkg:rpm/redhat/php@4.3.9-3.22?arch=4
purl pkg:rpm/redhat/php@4.3.9-3.22?arch=4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49jr-gtjs-1ba9
1
vulnerability VCID-4dt6-x8pa-yfh3
2
vulnerability VCID-96m2-stv4-j7bj
3
vulnerability VCID-busj-qfth-v7e3
4
vulnerability VCID-dyru-p94k-w7gp
5
vulnerability VCID-pfc1-97fv-gugu
6
vulnerability VCID-u2gv-h542-9bbt
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@4.3.9-3.22%3Farch=4
References
0
reference_url http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506
reference_id
reference_type
scores
url http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506
1
reference_url http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137
reference_id
reference_type
scores
url http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137
2
reference_url http://rhn.redhat.com/errata/RHSA-2007-0154.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2007-0154.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2007-0155.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2007-0155.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2007-0163.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2007-0163.html
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1286.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1286.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-1286
reference_id
reference_type
scores
0
value 0.86051
scoring_system epss
scoring_elements 0.99396
published_at 2026-04-21T12:55:00Z
1
value 0.86051
scoring_system epss
scoring_elements 0.99388
published_at 2026-04-02T12:55:00Z
2
value 0.86051
scoring_system epss
scoring_elements 0.9939
published_at 2026-04-04T12:55:00Z
3
value 0.86051
scoring_system epss
scoring_elements 0.99391
published_at 2026-04-07T12:55:00Z
4
value 0.86051
scoring_system epss
scoring_elements 0.99392
published_at 2026-04-08T12:55:00Z
5
value 0.86051
scoring_system epss
scoring_elements 0.99393
published_at 2026-04-09T12:55:00Z
6
value 0.86051
scoring_system epss
scoring_elements 0.99394
published_at 2026-04-11T12:55:00Z
7
value 0.86051
scoring_system epss
scoring_elements 0.99395
published_at 2026-04-18T12:55:00Z
8
value 0.86051
scoring_system epss
scoring_elements 0.99397
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-1286
7
reference_url http://secunia.com/advisories/24419
reference_id
reference_type
scores
url http://secunia.com/advisories/24419
8
reference_url http://secunia.com/advisories/24606
reference_id
reference_type
scores
url http://secunia.com/advisories/24606
9
reference_url http://secunia.com/advisories/24910
reference_id
reference_type
scores
url http://secunia.com/advisories/24910
10
reference_url http://secunia.com/advisories/24924
reference_id
reference_type
scores
url http://secunia.com/advisories/24924
11
reference_url http://secunia.com/advisories/24941
reference_id
reference_type
scores
url http://secunia.com/advisories/24941
12
reference_url http://secunia.com/advisories/24945
reference_id
reference_type
scores
url http://secunia.com/advisories/24945
13
reference_url http://secunia.com/advisories/25025
reference_id
reference_type
scores
url http://secunia.com/advisories/25025
14
reference_url http://secunia.com/advisories/25062
reference_id
reference_type
scores
url http://secunia.com/advisories/25062
15
reference_url http://secunia.com/advisories/25423
reference_id
reference_type
scores
url http://secunia.com/advisories/25423
16
reference_url http://secunia.com/advisories/25445
reference_id
reference_type
scores
url http://secunia.com/advisories/25445
17
reference_url http://secunia.com/advisories/25850
reference_id
reference_type
scores
url http://secunia.com/advisories/25850
18
reference_url http://security.gentoo.org/glsa/glsa-200703-21.xml
reference_id
reference_type
scores
url http://security.gentoo.org/glsa/glsa-200703-21.xml
19
reference_url http://security.gentoo.org/glsa/glsa-200705-19.xml
reference_id
reference_type
scores
url http://security.gentoo.org/glsa/glsa-200705-19.xml
20
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/32796
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/32796
21
reference_url https://issues.rpath.com/browse/RPL-1268
reference_id
reference_type
scores
url https://issues.rpath.com/browse/RPL-1268
22
reference_url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11575
reference_id
reference_type
scores
url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11575
23
reference_url http://www.debian.org/security/2007/dsa-1282
reference_id
reference_type
scores
url http://www.debian.org/security/2007/dsa-1282
24
reference_url http://www.debian.org/security/2007/dsa-1283
reference_id
reference_type
scores
url http://www.debian.org/security/2007/dsa-1283
25
reference_url http://www.mandriva.com/security/advisories?name=MDKSA-2007:087
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDKSA-2007:087
26
reference_url http://www.mandriva.com/security/advisories?name=MDKSA-2007:088
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDKSA-2007:088
27
reference_url http://www.osvdb.org/32771
reference_id
reference_type
scores
url http://www.osvdb.org/32771
28
reference_url http://www.php-security.org/MOPB/MOPB-04-2007.html
reference_id
reference_type
scores
url http://www.php-security.org/MOPB/MOPB-04-2007.html
29
reference_url http://www.securityfocus.com/archive/1/466166/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/466166/100/0/threaded
30
reference_url http://www.securityfocus.com/bid/22765
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/22765
31
reference_url http://www.trustix.org/errata/2007/0009/
reference_id
reference_type
scores
url http://www.trustix.org/errata/2007/0009/
32
reference_url http://www.vupen.com/english/advisories/2007/1991
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2007/1991
33
reference_url http://www.vupen.com/english/advisories/2007/2374
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2007/2374
34
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1618297
reference_id 1618297
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1618297
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-1286
reference_id CVE-2007-1286
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
url https://nvd.nist.gov/vuln/detail/CVE-2007-1286
37
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/16310.rb
reference_id CVE-2007-1286;OSVDB-32771
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/16310.rb
38
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/9939.rb
reference_id CVE-2007-1286;OSVDB-32771
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/9939.rb
39
reference_url https://security.gentoo.org/glsa/200703-21
reference_id GLSA-200703-21
reference_type
scores
url https://security.gentoo.org/glsa/200703-21
40
reference_url https://security.gentoo.org/glsa/200705-19
reference_id GLSA-200705-19
reference_type
scores
url https://security.gentoo.org/glsa/200705-19
41
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/3396.php
reference_id OSVDB-32771;CVE-2007-1286
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/3396.php
42
reference_url https://access.redhat.com/errata/RHSA-2007:0154
reference_id RHSA-2007:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:0154
43
reference_url https://access.redhat.com/errata/RHSA-2007:0155
reference_id RHSA-2007:0155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:0155
44
reference_url https://access.redhat.com/errata/RHSA-2007:0163
reference_id RHSA-2007:0163
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:0163
Weaknesses
Exploits
0
date_added null
description
This module exploits an integer overflow vulnerability in the unserialize()
function of the PHP web server extension. This vulnerability was patched by
Stefan in version 4.5.0 and applies to all previous versions supporting this function.
This particular module targets numerous web applications and is based on the proof
of concept provided by Stefan Esser. This vulnerability requires approximately 900k
of data to trigger due to the multiple Cookie headers requirement. Since we
are already assuming a fast network connection, we use a 2Mb block of shellcode for
the brute force, allowing quick exploitation for those with fast networks.

One of the neat things about this vulnerability is that on x86 systems, the EDI register points
into the beginning of the hashtable string. This can be used with an egghunter to
quickly exploit systems where the location of a valid "jmp EDI" or "call EDI" instruction
is known. The EDI method is faster, but the bandwidth-intensive brute force used by this
module is more reliable across a wider range of systems.
required_action null
due_date null
notes
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
known_ransomware_campaign_use false
source_date_published 2007-03-04
exploit_type null
platform Linux
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/php/php_unserialize_zval_cookie.rb
1
date_added 2007-02-28
description PHP < 4.5.0 - Unserialize Overflow (Metasploit)
required_action null
due_date null
notes null
known_ransomware_campaign_use true
source_date_published 2007-03-01
exploit_type remote
platform php
source_date_updated null
data_source Exploit-DB
source_url
Severity_range_score 6.8 - 6.8
Exploitability 2.0
Weighted_severity 6.1
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pfc1-97fv-gugu