Regular View Raw Data History
Last Seen: 2023-03-26


Hostnames www.sofi.hosting.energy, sofi.hosting.energy, xn--80aeciarkivf2i.xn--p1ai, www.xn--80aeciarkivf2i.xn--p1ai, sofi-shared.hosting.energy
Domains hosting.energyxn--80aeciarkivf2i.xn--p1ai
Country Poland
City Warsaw
Organization Hosting Energy
ASN AS16276


Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2022-31628 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
CVE-2022-31629 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
CVE-2022-37454 The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
CVE-2021-21707 In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.
CVE-2021-21706 In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions.
CVE-2021-21705 In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.
CVE-2021-21704 In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.
CVE-2021-21703 In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
1231147643 | 2023-03-24T07:40:56.594263
21 / tcp
-954586136 | 2023-03-22T21:42:21.169034
25 / tcp
530601111 | 2023-03-19T10:04:56.898589
53 / tcp
530601111 | 2023-03-15T10:11:12.459003
53 / udp
-1378650914 | 2023-03-23T11:56:34.987357
80 / tcp
97492738 | 2023-03-23T10:34:38.214111
110 / tcp
-1925419952 | 2023-03-14T21:55:17.327844
443 / tcp
842611961 | 2023-03-26T20:11:58.912385
465 / tcp
1055293435 | 2023-03-21T02:05:12.460144
993 / tcp
2062522430 | 2023-03-26T01:58:26.532911
995 / tcp
-1709691161 | 2023-03-11T05:18:44.745570
3306 / tcp

Contact Us

Shodan ® - All rights reserved