Test ID:	1.3.6.1.4.1.25623.1.0.110171
Category:	Web application abuses
Title:	PHP < 5.2.14 Multiple Vulnerabilities
Summary:	PHP is prone to multiple vulnerabilities.
Description:	Summary: PHP is prone to multiple vulnerabilities. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1581 BugTraq ID: 23062 http://www.securityfocus.com/bid/23062 https://www.exploit-db.com/exploits/3529 http://php-security.org/2010/05/01/mops-2010-001-php-hash_update_file-already-freed-resource-access-vulnerability/index.html http://www.php-security.org/MOPB/MOPB-28-2007.html http://secunia.com/advisories/24542 XForce ISS Database: php-hashupdatefile-code-execution(33248) https://exchange.xforce.ibmcloud.com/vulnerabilities/33248 Common Vulnerability Exposure (CVE) ID: CVE-2010-0397 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html BugTraq ID: 38708 http://www.securityfocus.com/bid/38708 http://www.mandriva.com/security/advisories?name=MDVSA-2010:068 http://www.openwall.com/lists/oss-security/2010/03/12/5 http://www.redhat.com/support/errata/RHSA-2010-0919.html http://secunia.com/advisories/42410 SuSE Security Announcement: SUSE-SR:2010:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html SuSE Security Announcement: SUSE-SR:2010:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html SuSE Security Announcement: SUSE-SR:2010:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://www.vupen.com/english/advisories/2010/0724 http://www.vupen.com/english/advisories/2010/3081 Common Vulnerability Exposure (CVE) ID: CVE-2010-1860 HPdes Security Advisory: HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 HPdes Security Advisory: SSRT100826 http://php-security.org/2010/05/06/mops-2010-010-php-html_entity_decode-interruption-information-leak-vulnerability/index.html SuSE Security Announcement: SUSE-SR:2010:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html Common Vulnerability Exposure (CVE) ID: CVE-2010-1862 http://php-security.org/2010/05/04/mops-2010-008-php-chunk_split-interruption-information-leak-vulnerability/index.html Common Vulnerability Exposure (CVE) ID: CVE-2010-1864 http://php-security.org/2010/05/03/mops-2010-006-php-addcslashes-interruption-information-leak-vulnerability/index.html Common Vulnerability Exposure (CVE) ID: CVE-2010-2097 http://php-security.org/2010/05/18/mops-2010-032-php-iconv_mime_decode-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/18/mops-2010-033-php-iconv_substr-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/18/mops-2010-034-php-iconv_mime_encode-interruption-information-leak-vulnerability/index.html Common Vulnerability Exposure (CVE) ID: CVE-2010-2100 http://php-security.org/2010/05/21/mops-2010-036-php-htmlentities-and-htmlspecialchars-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/21/mops-2010-037-php-str_getcsv-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/21/mops-2010-038-php-http_build_query-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/21/mops-2010-039-php-strpbrk-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/21/mops-2010-040-php-strtr-interruption-information-leak-vulnerability/index.html Common Vulnerability Exposure (CVE) ID: CVE-2010-2101 http://php-security.org/2010/05/26/mops-2010-041-php-strip_tags-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/26/mops-2010-042-php-setcookie-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/26/mops-2010-043-php-strtok-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/26/mops-2010-044-php-wordwrap-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/26/mops-2010-045-php-str_word_count-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/26/mops-2010-046-php-str_pad-interruption-information-leak-vulnerability/index.html Common Vulnerability Exposure (CVE) ID: CVE-2010-2190 http://www.php-security.org/2010/05/30/mops-2010-047-php-trimltrimrtrim-interruption-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/30/mops-2010-048-php-substr_replace-interruption-information-leak-vulnerability/index.html XForce ISS Database: php-substrreplace-info-disclosure(59220) https://exchange.xforce.ibmcloud.com/vulnerabilities/59220 Common Vulnerability Exposure (CVE) ID: CVE-2010-2191 http://www.php-security.org/2010/05/31/mops-2010-049-php-parse_str-interruption-memory-corruption-vulnerability/index.html http://www.php-security.org/2010/05/31/mops-2010-050-php-preg_match-interruption-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/31/mops-2010-051-php-unpack-interruption-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/31/mops-2010-052-php-pack-interruption-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/31/mops-2010-053-php-zend_fetch_rw-opcode-interruption-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/31/mops-2010-054-php-zend_concatzend_assign_concat-opcode-interruption-information-leak-and-memory-corruption-vulnerability/index.html http://www.php-security.org/2010/05/31/mops-2010-055-php-arrayobjectuasort-interruption-memory-corruption-vulnerability/index.html XForce ISS Database: php-parsestr-info-disclosure(59221) https://exchange.xforce.ibmcloud.com/vulnerabilities/59221 Common Vulnerability Exposure (CVE) ID: CVE-2010-2225 40860 http://secunia.com/advisories/40860 40948 http://www.securityfocus.com/bid/40948 APPLE-SA-2010-08-24-1 DSA-2089 http://www.debian.org/security/2010/dsa-2089 HPSBOV02763 SSRT100826 SUSE-SR:2010:017 SUSE-SR:2010:018 http://pastebin.com/mXGidCsd http://support.apple.com/kb/HT4312 http://twitter.com/i0n1c/statuses/16373156076 http://twitter.com/i0n1c/statuses/16447867829 https://bugzilla.redhat.com/show_bug.cgi?id=605641 php-splobjectstorage-code-execution(59610) https://exchange.xforce.ibmcloud.com/vulnerabilities/59610 Common Vulnerability Exposure (CVE) ID: CVE-2010-2484 APPLE-SA-2010-11-10-1 http://support.apple.com/kb/HT4435 http://www.php.net/releases/5_2_14.php https://bugzilla.redhat.com/show_bug.cgi?id=619324 Common Vulnerability Exposure (CVE) ID: CVE-2010-2531 42410 ADV-2010-3081 DSA-2266 http://www.debian.org/security/2011/dsa-2266 HPSBMA02662 http://marc.info/?l=bugtraq&m=130331363227777&w=2 RHSA-2010:0919 SSRT100409 [oss-security] 20100713 CVE request, php var_export http://www.openwall.com/lists/oss-security/2010/07/13/1 [oss-security] 20100716 Re: Re: CVE request, php var_export http://www.openwall.com/lists/oss-security/2010/07/16/3 http://svn.php.net/viewvc/php/php-src/trunk/ext/standard/tests/general_functions/var_export_error2.phpt?view=log&pathrev=301143 http://www.php.net/archive/2010.php#id2010-07-22-1 http://www.php.net/archive/2010.php#id2010-07-22-2 https://bugzilla.redhat.com/show_bug.cgi?id=617673 Common Vulnerability Exposure (CVE) ID: CVE-2010-3065 Debian Security Information: DSA-2089 (Google Search) http://php-security.org/2010/05/31/mops-2010-060-php-session-serializer-session-data-injection-vulnerability/index.html
Copyright	Copyright (C) 2012 NopSec Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.