oval:org.secpod.oval:def:5830
The host is installed with PHP 5.4.3 or earlier and is prone to buffer overflow vulnerability. A flaw is present in the application, which fails to handle crafted arguments that trigger incorrect handling of COM object VARIANT types. Successful exploitation allows remote attackers to execute arbitra ...

oval:org.mitre.oval:def:12410
PHP 32 bit is installed

oval:org.secpod.oval:def:2233
The host is installed with PHP before 5.3.7 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly implement the error_log function. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:2232
The host is installed with PHP before 5.3.7 and is prone to Buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a long salt argument in the crypt function. Successful exploitation allows attackers to cause the affected application to crash.

oval:org.secpod.oval:def:2235
The host is installed with PHP before 5.3.7 and is prone to multiple NULL pointer dereference vulnerabilities. The flaws are present in the application, which are caused by NULL-pointer dereference. Successful exploitation allows remote attackers to cause an application written in PHP to crash, deny ...

oval:org.secpod.oval:def:2234
The host is installed with PHP 5.3.7 and is prone to security bypass vulnerability. A flaw is present in the application, which is caused due to the "crypt()" function only returning the salt when generating salted MD5 hashes. Successful exploitation allows remote attackers to bypass authentication ...

oval:org.secpod.oval:def:463
The host is installed with PHP and is prone to integer overflow vulnerability. A flaw is present in ext/shmop/shmop.c, which fails to handle overly long arguments passed to shmop_read() function. Successful exploitation could allow remote attackers to execute arbitrary code or cause a denial of serv ...

oval:org.secpod.oval:def:540
The host is installed with PHP and is prone to information disclosure vulnerability. A flaw is present in the mb_strcut() function, which fails to handle overly large value passed to the length parameter. Successful exploitation could allow remote attackers to obtain sensitive information.

oval:org.secpod.oval:def:587
The host is installed with PHP and is prone to denial of service vulnerability on Windows. The flaw is present in _zip_name_locate function in zip_name_locate.c in the Zip extension, which fails to handle a ZIPARCHIVE::FL_UNCHANGED argument

oval:org.secpod.oval:def:462
The host is installed with PHP and is prone to integer overflow vulnerability. A flaw is present in ext/shmop/shmop.c, which fails to handle overly long arguments passed to shmop_read() function. Successful exploitation could allow remote attackers to execute arbitrary code or cause a denial of serv ...

oval:org.secpod.oval:def:538
The host is installed with PHP and is prone to format string vulnerability. A flaw is present in phar_object.c, which improperly calls zend_throw_exception_ex() function when format string specifiers are passed in an argument to a class method. Successful exploitation could allow remote attackers to ...

oval:org.secpod.oval:def:539
The host is installed with PHP and is prone to integer overflow vulnerability. A flaw is present in the numfmt_get_symbol function, which fails to handle invalid arguments. Successful exploitation could allow remote attackers to cause a denial of service.

oval:org.secpod.oval:def:58
The host is installed with PHP and is prone to use-after-free vulnerability. A flaw is present in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 where objects that are unreferenced by __set, __get, __isset, and __unset methods are freed early, which leads to heap memory corruption. Succ ...

oval:org.secpod.oval:def:57
The host is installed with PHP and is prone to vulnerability. A flaw is present in the iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 where the function skips the headers that are unrecognized by the iconv and mbstring implementations. Successful exploitation allows at ...

oval:org.secpod.oval:def:56
The host is installed with PHP and is prone to stack based buffer overflow vulnerability. A flaw is present in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 where the application crashes if anti-aliasing steps are invalid. Successful exploitation will cause a denial of service conditi ...

oval:org.secpod.oval:def:55
The host is installed with PHP and is prone to SQL injection vulnerability. A flaw is present in the set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3. When the MySQLi extension is used, there is no proper interaction with the use of mysqli_fetch_assoc function. Successful exploitation could ...

oval:org.secpod.oval:def:60
The host is installed with PHP and is prone to denial of service vulnerability. A flaw is present in the imap_do_open function in IMAP extension and imap_do_open function in IMAP extension which fails to perform input validation. Successful exploitation allows the attacker to execute arbitrary code ...

oval:org.secpod.oval:def:590
The host is installed with PHP and is prone to Denial of Service vulnerability. The flaw is caused due to integer overflow in the SdnToJulian function in the Calendar extension in PHP. Successful exploitation could allow remote attackers to cause a denial of service via a large integer in the first ...

oval:org.secpod.oval:def:596
The host is installed with PHP and is prone to Denial of Service vulnerability. The flaw is present in exif.c in the Exif extension in PHP on 64-bit platforms, which performs an incorrect cast

oval:org.secpod.oval:def:595
The host is installed with PHP and is prone to Denial of Service vulnerability. The flaw is present in substr_replace() function, which makes PHP use the same pointer in three variables inside the function so when the pointer is changed by a type conversion inside the function, it invalidates th ...

oval:org.secpod.oval:def:592
The host is installed with PHP and is prone to Denial of Service vulnerability. The flaw is due to an unspecified vulnerability in the Streams component. Successful exploitation could allow remote attackers to cause a denial of service by accessing an ftp:// URL during use of an HTTP proxy with the FTP ...

oval:org.secpod.oval:def:591
The host is installed with PHP and is prone to denial of service vulnerability on Windows. The flaw is due to memory leaks while using openssl_decrypt and openssl_encrypt functions. Successful exploitation could allow remote attackers to cause a denial of service

oval:org.secpod.oval:def:593
The host is installed with PHP and is prone to Denial of Service vulnerability. The flaw is present in stream_get_contents function, which fails to handle ziparchive stream. Successful exploitation could allow remote attackers to cause a denial of service via a ziparchive stream.

oval:org.secpod.oval:def:589
The host is installed with PHP and is prone to Denial of Service vulnerability. The flaw is due to an unspecified vulnerability in NumberFormatter::setSymbol in the Intl extension in PHP. Successful exploitation could allow remote attackers to cause a denial of service via an invalid argument

oval:org.secpod.oval:def:588
The host is installed with PHP and is prone to Denial of Service vulnerability. The flaw is due to a buffer overflow in the strval function, when the precision configuration option has a large value. Successful exploitation could allow remote attackers to cause a denial of service via a small numerical valu ...

oval:org.secpod.oval:def:76
The host is installed with PHP and is prone to integer overflow vulnerability. A flaw is present in the mt_rand function in PHP before 5.3.4, which always returns PRN - a number less than 0 whenever min is set to 0 and max is set to anything greater than the mt_ version. Successful exploitation a ...

oval:org.secpod.oval:def:75
The host is installed with PHP and is prone to race condition vulnerability. A flaw is present in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler has been defined and many concurrent signals are being delivered to it through ext/pcntl leading to a race condition. Succe ...

oval:org.secpod.oval:def:74
The host is installed with PHP and is prone to security bypass vulnerability. A flaw is present in the extract function in PHP before 5.2.15, which overwrites $GLOBALS and $this when using EXTR_OVERWRITE. Successful exploitation allows context-dependent attackers to bypass intended access restric ...

oval:org.secpod.oval:def:73
The host is installed with PHP and is prone to security bypass vulnerability. A flaw is present in the Standard PHP Library (SPL) extension in PHP before 5.3.4, which fails to properly detect symbolic links, i.e. the SplFileInfo::getType() for Symbolic link returns "dir" which in turn should retu ...

oval:org.secpod.oval:def:1226
The host is installed with PHP and is prone to stack-based buffer overflow vulnerability. A flaw is present in the application which fails to perform adequate boundary checks on user-supplied input. Successful exploitation allows attacker to execute arbitrary machine code.

oval:org.secpod.oval:def:1350
The host is installed with PHP and is prone to security bypass vulnerability. A flaw is present in SAPI_POST_HANDLER_FUNC() in rfc1867.c, which fails to filter user-supplied file path names when filling the $_FILES[] array. Successful exploitation could allow remote attackers to submit a specially c ...

oval:org.secpod.oval:def:594
The host is installed with PHP and is prone to denial of service vulnerability on Windows. The flaw is caused due to integer signedness error in zip_stream.c in the Zip extension. Successful exploitation could allow remote attackers to cause a denial of service via a malformed archive file that trig ...

oval:org.secpod.oval:def:8928
The host is installed with PHP 5.3.9 through 5.3.13 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to handle the openssl_encrypt function in ext/openssl/openssl.c. Successful exploitation allows remote attackers to obtain sensitive information ...

oval:org.secpod.oval:def:5831
The host is installed with PHP before 5.4.0 and is prone to directory traversal vulnerability. A flaw is present in the application, which fails to properly handle invalid [ (open square bracket) characters in name values. Successful exploitation allows attackers to cause a denial of service or cond ...

oval:org.secpod.oval:def:5757
The host is installed with PHP 5.3.12 or 5.4.2 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle the interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence. Successful exploitati ...

oval:org.secpod.oval:def:5756
The host is installed with PHP before 5.3.13 and 5.4.x before 5.4.3 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle query strings that lack an = (equals sign). Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:4159
The host is installed with PHP before 5.3.9 and is prone to denial of service vulnerability. A flaw is present in the application, which does not properly interact with the session feature. Successful exploitation allows remote attackers to cause an application crash.

oval:org.secpod.oval:def:3940
The host is installed with PHP 5.3.8 and is prone to a denial of service vulnerability. A flaw is present in the application, which performs strndup operations on untrusted string data. Successful exploitation could allow remote attackers to crash the service.

oval:org.secpod.oval:def:3941
The host is installed with PHP 5.3.8 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects. Successful exploitation could allow remote attack ...

oval:org.secpod.oval:def:6723
The host is installed with PHP before 5.3.14 or 5.4.x before 5.4.4 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted parameter value. Successful exploitation allows remote attackers to cause a denial of service (out-of-bounds read ...

oval:org.secpod.oval:def:6413
The host is installed with PHP before 5.3.15 or 5.4.0 before 5.4.5 and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle the _php_stream_scandir function in the stream implementation. Successful exploitation has unknown impact and remote attack vector ...

oval:org.secpod.oval:def:6412
The host is installed with PHP before 5.3.15 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to handle the SQLite functionality. Successful exploitation allows attackers to bypass the open_basedir protection mechanism via unspecified vectors.

oval:org.secpod.oval:def:6404
The host is installed with PHP before 5.3.14 or 5.4.x before 5.4.4 and is prone to integer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted tar file. Successful exploitation allows remote attackers to cause a denial of service or possibly execute arbitrar ...

oval:org.secpod.oval:def:5759
The host is installed with PHP before 5.3.13 and 5.4.x before 5.4.3 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle query strings that contain a %3D sequence but no = (equals sign) character. Successful exploitation coul ...

oval:org.secpod.oval:def:5758
The host is installed with PHP 5.4.x before 5.4.3 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a long string in the header of an HTTP request. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:59
The host is installed with PHP and is prone to use-after-free vulnerability. A flaw is present in PHP before 5.3.4 which allows a NULL byte injection where anything after a null byte in a string is truncated. Successful exploitation allows an attacker to bypass intended access restrictions by placin ...

oval:org.secpod.oval:def:2231
The host is installed with PHP before 5.3.7 and is prone to information disclosure vulnerability. A flaw is present in the crypt_blowfish function in the application, which fails to properly handle passwords with 8-bit characters. Successful exploitation allows attackers to obtain the MD5 password hash ...

oval:org.secpod.oval:def:16641
The host is installed with PHP through 5.5.6 and is prone to denial of service vulnerability. The flaw is present in the scan function in ext/date/lib/parse_iso_intervals.c, which fails to handle the creation of DateInterval objects. Successful exploitation allows remote attackers to cause the heap- ...

oval:org.secpod.oval:def:5760
The host is installed with PHP before 5.3.13 and 5.4.x before 5.4.3 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle query strings that lack an = (equals sign). Successful exploitation could allow attackers to execute arb ...

*CPE
cpe:/a:php:php:::x86

© SecPod Technologies