Test ID:	1.3.6.1.4.1.25623.1.0.110183
Category:	Web application abuses
Title:	PHP < 5.2.6 Multiple Vulnerabilities
Summary:	PHP is prone to multiple vulnerabilities.
Description:	Summary: PHP is prone to multiple vulnerabilities. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4850 http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html BugTraq ID: 27413 http://www.securityfocus.com/bid/27413 BugTraq ID: 29009 http://www.securityfocus.com/bid/29009 BugTraq ID: 31681 http://www.securityfocus.com/bid/31681 Bugtraq: 20080122 PHP 5.2.5 cURL safe_mode bypass (Google Search) http://www.securityfocus.com/archive/1/486856/100/0/threaded Bugtraq: 20080527 rPSA-2008-0178-1 php php-mysql php-pgsql (Google Search) http://www.securityfocus.com/archive/1/492671/100/0/threaded http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059849.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:022 http://www.mandriva.com/security/advisories?name=MDVSA-2009:023 http://www.openwall.com/lists/oss-security/2008/05/02/2 http://secunia.com/advisories/30048 http://secunia.com/advisories/30411 http://secunia.com/advisories/31200 http://secunia.com/advisories/31326 http://secunia.com/advisories/32222 http://securityreason.com/securityalert/3562 http://securityreason.com/achievement_securityalert/51 http://www.ubuntu.com/usn/usn-628-1 http://www.vupen.com/english/advisories/2008/1412 http://www.vupen.com/english/advisories/2008/2268 http://www.vupen.com/english/advisories/2008/2780 XForce ISS Database: php-curlinit-security-bypass(39852) https://exchange.xforce.ibmcloud.com/vulnerabilities/39852 XForce ISS Database: php-safemode-directive-security-bypass(42134) https://exchange.xforce.ibmcloud.com/vulnerabilities/42134 Common Vulnerability Exposure (CVE) ID: CVE-2007-6039 BugTraq ID: 26426 http://www.securityfocus.com/bid/26426 BugTraq ID: 26428 http://www.securityfocus.com/bid/26428 Bugtraq: 20071113 PHP <= 5.2.5 Gettext Lib Multiple Denial of service (Google Search) http://www.securityfocus.com/archive/1/483648/100/0/threaded Bugtraq: 20071113 PHP <= 5.2.5 stream_wrapper_register() denial of service (Google Search) http://www.securityfocus.com/archive/1/483644/100/0/threaded http://securityreason.com/securityalert/3365 http://securityreason.com/securityalert/3366 XForce ISS Database: php-multiple-gettext-dos(38443) https://exchange.xforce.ibmcloud.com/vulnerabilities/38443 XForce ISS Database: php-streamwrapperregister-dos(38442) https://exchange.xforce.ibmcloud.com/vulnerabilities/38442 Common Vulnerability Exposure (CVE) ID: CVE-2008-0599 Bugtraq: 20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search) http://www.securityfocus.com/archive/1/492535/100/0/threaded CERT/CC vulnerability note: VU#147027 http://www.kb.cert.org/vuls/id/147027 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html http://security.gentoo.org/glsa/glsa-200811-05.xml HPdes Security Advisory: HPSBUX02342 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01476437 HPdes Security Advisory: HPSBUX02431 http://marc.info/?l=bugtraq&m=124654546101607&w=2 HPdes Security Advisory: HPSBUX02465 http://marc.info/?l=bugtraq&m=125631037611762&w=2 HPdes Security Advisory: SSRT080063 HPdes Security Advisory: SSRT090085 HPdes Security Advisory: SSRT090192 http://www.mandriva.com/security/advisories?name=MDVSA-2008:127 http://www.mandriva.com/security/advisories?name=MDVSA-2008:128 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5510 http://www.redhat.com/support/errata/RHSA-2008-0505.html http://www.securitytracker.com/id?1019958 http://secunia.com/advisories/30083 http://secunia.com/advisories/30345 http://secunia.com/advisories/30616 http://secunia.com/advisories/30757 http://secunia.com/advisories/30828 http://secunia.com/advisories/32746 http://secunia.com/advisories/35650 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951 http://www.vupen.com/english/advisories/2008/1810/references XForce ISS Database: php-vector-unspecified(42137) https://exchange.xforce.ibmcloud.com/vulnerabilities/42137 Common Vulnerability Exposure (CVE) ID: CVE-2008-1384 BugTraq ID: 28392 http://www.securityfocus.com/bid/28392 Bugtraq: 20080321 {securityreason.com}PHP 5 *printf() - Integer Overflow (Google Search) http://www.securityfocus.com/archive/1/489962/100/0/threaded Debian Security Information: DSA-1572 (Google Search) http://www.debian.org/security/2008/dsa-1572 http://secunia.com/advisories/30158 http://secunia.com/advisories/30967 http://securityreason.com/achievement_securityalert/52 SuSE Security Announcement: SUSE-SR:2008:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html XForce ISS Database: php-phpsprintfappendstring-overflow(41386) https://exchange.xforce.ibmcloud.com/vulnerabilities/41386 Common Vulnerability Exposure (CVE) ID: CVE-2008-2050 20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl 29009 30048 30083 30158 30345 30967 31200 31326 32746 ADV-2008-1412 ADV-2008-2268 APPLE-SA-2008-07-31 DSA-1572 GLSA-200811-05 MDVSA-2009:022 MDVSA-2009:023 SSA:2008-128-01 SUSE-SR:2008:014 USN-628-1 [oss-security] 20080502 CVE Request (PHP) http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44&r2=1.45&diff_format=u http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176 http://www.php.net/ChangeLog-5.php https://issues.rpath.com/browse/RPL-2503 php-fastcgisapi-bo(42133) https://exchange.xforce.ibmcloud.com/vulnerabilities/42133 Common Vulnerability Exposure (CVE) ID: CVE-2008-2051 Debian Security Information: DSA-1578 (Google Search) http://www.debian.org/security/2008/dsa-1578 http://www.mandriva.com/security/advisories?name=MDVSA-2008:125 http://www.mandriva.com/security/advisories?name=MDVSA-2008:126 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10256 http://www.redhat.com/support/errata/RHSA-2008-0544.html http://www.redhat.com/support/errata/RHSA-2008-0545.html http://www.redhat.com/support/errata/RHSA-2008-0546.html http://www.redhat.com/support/errata/RHSA-2008-0582.html http://secunia.com/advisories/30288 http://secunia.com/advisories/31119 http://secunia.com/advisories/31124
Copyright	Copyright (C) 2012 NopSec Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.