35 matches found
PHP 5.4.x < 5.4.0 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is 5.4.x earlier than 5.4.0, and, therefore, potentially affected by multiple vulnerabilities: - crypt_blowfish as used in PHP does not properly handle 8-bit characters, which makes it easier for context-dependent attackers ...
PHP 5.4.x < 5.4.44 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.4.x prior to 5.4.44. It is, therefore, affected by multiple vulnerabilities: - Multiple use-after-free vulnerabilities exist in the SPL component, due to improper handling of a specially crafted serialized object. A...
PHP 5.4.x < 5.4.41 Multiple Vulnerabilities
According to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.41. It is, therefore, affected by multiple vulnerabilities: - Multiple unspecified flaws in pcrelib. (CVE-2015-2325, CVE-2015-2326) - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could...
PHP 5.4.x < 5.4.39 Multiple Vulnerabilities
According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.39. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists related to function 'unserialize', which can allow a remote attacker to execute arbitrary code. Note that thi...
PHP 5.4.x < 5.4.35 / 5.5.x < 5.5.19 / 5.6.x < 5.6.3 Out-of-Bounds Read
PHP 5.4.x < 5.4.37 Multiple Vulnerabilities
According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.37. It is, therefore, affected by multiple vulnerabilities: - The CGI component has an out-of-bounds read flaw in file 'cgi_main.c' when nmap is used to process an invalid file that begins with a hash...
PHP 5.4.x < 5.4.32 Multiple Vulnerabilities
According to its banner, the remote web server is running a version of PHP 5.4.x prior to 5.4.32. It is, therefore, affected by the following vulnerabilities : - LibGD contains a NULL pointer dereference flaw in its 'gdImageCreateFromXpm' function in the 'gdxpm.c' file. By using a specially craft...
CVE-2014-5120
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5...
PHP 5.4.x < 5.4.31 CLI Server 'header' DoS
According to its banner, the version of PHP 5.4.x in use on the remote web server is a version prior to 5.4.31. It is, therefore, affected by a denial of service vulnerability that affects the built-in command line development server. The function 'sapi_cli_server_send_headers' in the file...
PHP 5.4.x < 5.4.30 / 5.5.x < 5.5.14 Multiple Vulnerabilities
PHP 5.4.x < 5.4.29 'src/cdf.c' Multiple Vulnerabilities
According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.29. It is, therefore, affected by the following vulnerabilities: - A flaw exists with the 'cdf_unpack_summary_info' function within 'src/cdf.c' where multiple file_printf calls occur when handlin...
SOL15272 - PHP Vulnerability CVE-2013-4636
The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object...
PHP 5.4.x < 5.4.26 Multiple Vulnerabilities
According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.26. It is, therefore, potentially affected by the following vulnerabilities : - An error exists related to the Fileinfo extension and the bundled libmagic library that could allow denial of...
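PHP OpenSSL Extension 'openssl_x509_parse()' Memory Corruption Vulnerability
BUGTRAQ ID: 64225 CVE(CAN) ID: CVE-2013-6420 In PHP versions before 5.3.27, before 5.4.22, and before 5.5.6, the "asn1_time_to_time_t" function in ext/openssl/openssl.c fails when parsing X.509 certificates; an attacker can exploit this vulnerability with a specially crafted X.509 certificate to corrupt memory. 0 PHP PHP 5.5.x PHP PHP 5.4.x PHP PHP 5.3.x Vendor patch: PHP --- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.php.net...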
PHP 5.4.x < 5.4.23 OpenSSL openssl_x509_parse() Memory Corruption
According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.23. It is, therefore, potentially affected by a memory corruption flaw in the way the openssl_x509_parse function of the PHP OpenSSL extension parsed X.509 certificates. A remote attacker could...
CVE-2013-1824
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and...
PHP 5.4.x < 5.4.19 Multiple Vulnerabilities
According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.19. It is, therefore, potentially affected by the following vulnerabilities : - A heap corruption error exists in numerous functions in the file 'ext/xml/xml.c'. CVE-2013-4113 / Bug 65236 - An...
PHP 5.4.x < 5.4.17 Buffer Overflow (deprecated)
PHP 5.4.x < 5.4.17 Buffer Overflow
According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.17. It is, therefore, potentially affected by a buffer overflow error that exists in the function 'pdo_pgsql_error' in the file 'ext/pdo_pgsql/pgsql_driver.c'. Note that this plugin does not attem...