- CVEs with nessus.description==According to its banner, the version of PHP installed on the remote host is older than 5.3.9. As such, it may be affected by the following security issues :
  - The 'is_a()' function in PHP 5.3.7 and 5.3.8 triggers a call to '__autoload()'. (CVE-2011-3379)
  - It is possible to create a denial of service condition by sending multiple, specially crafted requests containing parameter values that cause hash collisions when computing the hash values for storage in a hash table. (CVE-2011-4885)
  - An integer overflow exists in the exif_process_IFD_TAG function in exif.c that can allow a remote attacker to read arbitrary memory locations or cause a denial of service condition. This vulnerability only affects PHP 5.4.0beta2 on 32-bit platforms. (CVE-2011-4566)
  - Calls to libxslt are not restricted via xsltSetSecurityPrefs(), which could allow an attacker to create or overwrite files, resulting in arbitrary code execution. (CVE-2012-0057)
  - An error exists in the function 'tidy_diagnose' that can allow an attacker to cause the application to dereference a NULL pointer. This causes the application to crash. (CVE-2012-0781)
  - The 'PDORow' implementation contains an error that can cause application crashes when interacting with the session feature. (CVE-2012-0788)
  - An error exists in the timezone handling such that repeated calls to the function 'strtotime' can allow a denial of service attack via memory consumption. (CVE-2012-0789)

| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |

| ID | CVSS | Summary | Last (major) update | Published |