GeneralInformation

Hostnames	61-91-126-56.static.asianet.co.th assets.thailife.com www.assets.thailife.com
Domains	asianet.co.th thailife.com
Country	Thailand
City	Bangkok
Organization	True Internet Corporation Co. Ltd.
ISP	True Internet Data Center Company Limited
ASN	AS9287

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-51766	Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.
CVE-2022-37452	Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
CVE-2022-37451	Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.
CVE-2022-31629	In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
CVE-2022-31628	In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
CVE-2021-38371	5.0The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.
CVE-2021-27216	6.3Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.
CVE-2020-8015	7.2A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.
CVE-2020-28026	9.3Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary commands as root.
CVE-2020-28025	5.0Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory.
CVE-2020-28024	7.5Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF.
CVE-2020-28023	5.0Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client.
CVE-2020-28022	7.5Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands.
CVE-2020-28021	9.0Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command.
CVE-2020-28020	7.5Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction.
CVE-2020-28017	7.5Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.
CVE-2020-28016	7.2Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase.
CVE-2020-28015	7.2Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character.
CVE-2020-28014	5.6Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten.
CVE-2020-28013	7.2Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy.
CVE-2020-28012	7.2Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag.
CVE-2020-28011	7.2Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root.
CVE-2020-28010	7.2Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms).
CVE-2020-28009	7.2Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow (multiple days).
CVE-2020-28008	7.2Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution.
CVE-2020-28007	7.2Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem.
CVE-2020-12783	5.0Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.
CVE-2020-11579	5.0An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.
CVE-2019-9641	7.5An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
CVE-2019-9639	5.0An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
CVE-2019-9638	5.0An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.
CVE-2019-9637	5.0An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.
CVE-2019-9024	5.0An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.
CVE-2019-9023	7.5An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.
CVE-2019-9021	7.5An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.
CVE-2019-9020	7.5An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.
CVE-2019-6977	6.8gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.
CVE-2019-15846	10.0Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
CVE-2019-13917	10.0Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
CVE-2018-7584	7.5In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.
CVE-2018-6789	7.5An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
CVE-2018-5712	4.3An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
CVE-2018-5711	4.3gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.
CVE-2018-20783	5.0In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.
CVE-2018-19935	5.0ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.
CVE-2018-19520	6.5An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management.
CVE-2018-19518	8.5University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.
CVE-2018-19396	5.0ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.
CVE-2018-19395	5.0ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell").
CVE-2018-17082	4.3The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.
CVE-2018-15132	5.0An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories.
CVE-2018-14883	5.0An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.
CVE-2018-14851	4.3exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.
CVE-2018-10549	6.8An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.
CVE-2018-10548	5.0An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.
CVE-2018-10547	4.3An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.
CVE-2018-10546	5.0An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
CVE-2018-10545	1.9An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process.
CVE-2017-9229	5.0An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.
CVE-2017-9228	7.5An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.
CVE-2017-9227	7.5An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.
CVE-2017-9226	7.5An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.
CVE-2017-9224	7.5An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
CVE-2017-8923	7.5The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
CVE-2017-7963	5.0The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely aborts in case of an OOM condition. The only attack vector here is denial of service. However, if you allow attacker-controlled, unbounded allocations you have a DoS vector regardless of GMP's OOM behavior.
CVE-2017-7890	4.3The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.
CVE-2017-7272	5.8PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.
CVE-2017-16642	5.0In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.
CVE-2017-12933	7.5The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
CVE-2017-11628	6.8In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.
CVE-2017-11147	6.4In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.
CVE-2017-11145	5.0In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist.
CVE-2017-11144	5.0In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.
CVE-2017-11143	5.0In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.
CVE-2017-11142	7.8In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.
CVE-2017-1000369	2.1Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.
CVE-2016-9963	2.6Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
CVE-2016-1531	6.9Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
CVE-2016-1283	7.5The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99\|(:(?\|(?'R')(\k'R')\|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2016-10161	5.0The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.
CVE-2016-10160	7.5Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
CVE-2016-10159	5.0Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.
CVE-2016-10158	5.0The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1.
CVE-2015-9253	6.8An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility.
CVE-2015-8994	6.8An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details are as follows. In PHP SAPIs where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object owned by the common parent during initialization. Child PHP processes inherit the SHM descriptor, using it to cache and retrieve compiled script bytecode ("opcode" in PHP jargon). Cache keys vary depending on configuration, but filename is a central key component, and compiled opcode can generally be run if a script's filename is known or can be guessed. Many common shared-hosting configurations change EUID in child processes to enforce privilege separation among hosted users (for example using mod_ruid2 for the Apache HTTP Server, or php-fpm user settings). In these scenarios, the default Zend OpCache behavior defeats script file permissions by sharing a single SHM cache among all child PHP processes. PHP scripts often contain sensitive information: Think of CMS configurations where reading or running another user's script usually means gaining privileges to the CMS database.
CVE-2013-2220	7.5Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value.
CVE-2007-3205	5.0The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.

OpenPorts

53 80 443 465 8080

-1152336838 | 2024-05-09T11:45:29.333832

53 / udp

9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8
Resolver name: servernew1.thailife.com

-945025830 | 2024-05-12T05:42:34.906562

80 / tcp

HTTP/1.1 200 OK
Date: Sun, 12 May 2024 05:42:34 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/html

-1009722136 | 2024-05-06T03:32:51.967967

443 / tcp

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 May 2024 03:32:51 GMT
Server: Apache
X-Powered-By: PHP/5.6.29
Location: https://www.thailife.com
Content-Length: 0
Content-Type: text/html; charset=UTF-8

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:64:95:c3:bd:c1:1d:83:6c:38:27:75:9f:66:c1:ae
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1
        Validity
            Not Before: Feb 28 00:00:00 2024 GMT
            Not After : Feb 28 23:59:59 2025 GMT
        Subject: C=TH, ST=Bangkok, L=Din Daeng, O=Thai Life Insurance Public Company Limited, CN=assets.thailife.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c2:43:7e:81:f5:09:e0:de:ba:58:ad:6d:09:63:
                    77:63:bb:c4:2c:c3:98:8b:98:ec:76:0e:d0:46:2d:
                    ac:f8:2c:17:69:aa:59:1b:b0:3a:7a:68:2f:5f:06:
                    9a:43:72:59:6a:df:23:fe:d5:7b:e0:04:00:7f:ae:
                    88:3c:22:72:0f:7d:38:e7:83:c6:83:44:83:34:5e:
                    f7:49:ef:a7:7c:a3:76:4d:cc:4b:7e:d0:13:90:85:
                    fc:1d:ec:22:bb:5d:fb:27:db:b6:41:0c:b6:a2:73:
                    e9:d8:e5:9e:f4:69:9f:ab:69:d5:46:ec:48:03:64:
                    db:85:b9:71:9c:1a:d0:df:fa:21:c9:dd:5a:bf:28:
                    46:f6:7e:55:f6:62:aa:26:be:2d:fc:9d:c9:33:7e:
                    cd:29:04:2c:4d:0a:89:75:87:6a:de:78:c3:fc:a6:
                    4e:ed:87:45:c8:14:f3:52:91:08:59:7f:d5:77:19:
                    15:2b:5e:c5:3a:1c:69:66:5f:fb:cc:92:84:4c:19:
                    37:65:a2:c2:d8:1b:f9:68:d2:56:b8:69:d4:41:19:
                    30:fe:26:79:8d:c5:a6:51:94:1e:98:b6:02:54:36:
                    f8:9e:15:9c:15:85:c1:db:98:fe:40:52:7f:42:4b:
                    8c:9f:2d:dc:d9:9a:58:b7:40:78:33:1f:d0:80:55:
                    d6:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                94:4F:D4:5D:8B:E4:A4:E2:A6:80:FE:FD:D8:F9:00:EF:A3:BE:02:57
            X509v3 Subject Key Identifier: 
                41:5B:B6:C3:CA:65:A2:2F:7B:4B:BB:9B:CB:36:AC:94:6C:0D:BB:AE
            X509v3 Subject Alternative Name: 
                DNS:assets.thailife.com, DNS:www.assets.thailife.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.2
                  CPS: http://www.digicert.com/CPS
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl
            Authority Information Access: 
                OCSP - URI:http://status.geotrust.com
                CA Issuers - URI:http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt
            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 4E:75:A3:27:5C:9A:10:C3:38:5B:6C:D4:DF:3F:52:EB:
                                1D:F0:E0:8E:1B:8D:69:C0:B1:FA:64:B1:62:9A:39:DF
                    Timestamp : Feb 28 04:26:43.668 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:99:A5:79:42:1E:CE:EE:3D:52:BA:2F:
                                1E:F9:EF:A3:F2:1F:9F:B7:F5:34:39:C4:5F:4B:2C:2E:
                                D5:D8:FB:7C:8A:02:21:00:84:7F:A7:4F:F9:5F:3E:5F:
                                39:9A:2A:C7:C5:D0:DF:F9:2A:E0:49:88:4D:1A:F0:37:
                                54:FC:D0:FE:AF:F5:2B:C0
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 7D:59:1E:12:E1:78:2A:7B:1C:61:67:7C:5E:FD:F8:D0:
                                87:5C:14:A0:4E:95:9E:B9:03:2F:D9:0E:8C:2E:79:B8
                    Timestamp : Feb 28 04:26:43.727 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:79:73:3E:07:83:A7:3B:2E:2E:5F:7E:91:
                                1D:0C:74:91:FD:67:EF:DC:1D:84:F9:2E:01:3E:84:45:
                                6D:68:E8:5D:02:21:00:FC:01:AC:D1:8F:17:E7:F5:81:
                                94:DF:8E:5F:62:E9:A0:5C:60:F9:8D:6F:75:15:D5:59:
                                06:E4:B3:28:EE:56:1A
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : E6:D2:31:63:40:77:8C:C1:10:41:06:D7:71:B9:CE:C1:
                                D2:40:F6:96:84:86:FB:BA:87:32:1D:FD:1E:37:8E:50
                    Timestamp : Feb 28 04:26:43.759 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:A2:AA:68:18:D9:16:58:B1:24:99:89:
                                5A:15:E1:D8:11:78:EF:3D:6C:AB:CB:EB:FB:99:0F:A2:
                                B4:65:C1:EA:4D:02:21:00:C0:70:3B:29:9C:18:F8:98:
                                57:28:0D:A9:06:86:79:DC:B5:80:3A:AC:C2:77:12:4E:
                                6C:82:04:33:67:BC:4C:71
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        03:b3:35:22:c7:be:dd:e0:59:4b:c9:4a:02:1b:fe:27:a4:f8:
        8e:5a:3b:5d:08:bb:b6:a1:14:4f:11:de:6c:b3:5f:9f:61:51:
        b5:87:6b:cd:53:6c:4a:aa:4e:71:84:94:1a:a4:c8:b4:c2:71:
        03:37:f5:63:75:7b:c6:95:0d:3e:e9:b6:c6:d0:7f:3f:c0:3f:
        56:40:f9:a0:84:6f:e4:c9:42:5c:7c:8f:b8:63:4d:bb:97:83:
        de:bb:31:d6:15:04:21:27:52:63:f1:08:e6:4b:84:f6:3d:3a:
        41:e1:a2:1c:44:45:ee:45:21:6f:0d:fa:b3:3b:1a:a3:f3:9a:
        34:c4:20:68:ff:0d:9b:24:5e:6f:99:79:2f:51:37:5a:81:4a:
        6d:94:04:5a:9a:ee:32:e9:23:fa:8e:4e:cd:cf:98:4e:87:b5:
        4b:8f:32:6d:14:14:44:d3:17:ad:d9:38:70:e6:65:7d:9e:2e:
        e7:dc:c9:0c:06:bd:26:86:16:02:76:9c:58:f3:6b:a9:23:b1:
        66:23:5e:ab:fa:9d:64:61:7a:f3:d9:cc:26:c8:f7:a8:71:77:
        74:d9:56:01:34:42:6b:73:15:93:77:62:08:a2:e3:18:79:03:
        83:df:86:ca:34:f3:0a:56:c2:d5:54:89:4d:67:0e:fd:62:69:
        e4:06:34:05

-491554779 | 2024-05-01T22:01:57.843692

465 / tcp

220-servernew1.thailife.com ESMTP Exim 4.86 #2 Thu, 02 May 2024 05:01:36 +0700 
220-We do not authorize the use of this system to transport unsolicited, 
220 and/or bulk e-mail.
250-servernew1.thailife.com Hello n9zbgol1ru.com [224.227.82.121]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8317286549 (0x1efbfb895)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=servernew1.thailife.com/emailAddress=ssl@servernew1.thailife.com
        Validity
            Not Before: Mar  3 01:38:07 2024 GMT
            Not After : Mar  3 01:38:07 2025 GMT
        Subject: CN=servernew1.thailife.com/emailAddress=ssl@servernew1.thailife.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c5:c8:4e:05:0d:8b:c5:6d:7e:cc:47:3e:7a:8d:
                    87:48:e8:6e:4d:51:77:eb:e4:47:5d:95:bc:81:fb:
                    9a:11:6f:0e:79:40:19:a7:48:35:1d:6b:23:84:b6:
                    25:e9:58:f9:c0:51:a9:4a:a2:94:51:02:e8:db:fe:
                    fa:bc:41:0b:51:0f:89:57:7d:b2:23:b4:c9:95:72:
                    cd:20:e9:e2:c8:02:18:bf:8c:e6:64:a1:26:5e:00:
                    aa:53:e2:25:44:3d:57:5f:c1:bd:dc:8e:ac:44:ee:
                    f9:f5:5f:15:66:89:99:3a:58:bd:c9:f4:77:64:b4:
                    04:6b:0e:92:7c:16:57:40:b6:70:2a:9e:5f:3e:19:
                    4f:2e:d5:64:c5:e4:a7:9b:bb:ed:05:37:ac:17:bb:
                    69:3c:19:b3:00:97:20:4e:b1:15:ef:ea:95:44:f7:
                    00:bc:f9:56:48:a1:e2:04:cc:2c:ad:18:8a:67:e6:
                    6b:95:50:c3:2a:79:f3:c1:21:53:cf:b3:0d:a4:08:
                    d6:b6:9a:91:23:54:79:36:cb:c7:ea:c0:5f:d0:7e:
                    79:32:2f:b7:bc:3e:7d:e4:63:54:21:7f:5f:96:51:
                    c8:24:3f:4d:7b:d9:cc:af:4a:b8:0d:b6:7d:72:db:
                    26:a0:1b:0e:d9:a2:cd:90:bb:0c:58:5f:95:a8:31:
                    e7:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                B6:82:A9:70:A4:5F:CA:BB:A4:4A:8C:FD:F9:9B:EE:AF:F7:A2:90:53
            X509v3 Authority Key Identifier: 
                B6:82:A9:70:A4:5F:CA:BB:A4:4A:8C:FD:F9:9B:EE:AF:F7:A2:90:53
            X509v3 Basic Constraints: 
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        93:09:8f:d2:48:e4:19:b6:7e:f3:c7:e2:3b:f1:0f:08:c8:f8:
        a7:1d:91:57:b4:e7:54:c5:e9:67:5f:7a:ae:d2:65:d8:03:3c:
        05:b4:3b:7e:f9:c6:d3:94:67:b7:cf:19:f3:23:3f:93:5e:c0:
        8f:71:0f:9e:e6:c3:d0:8f:47:b1:39:81:45:6b:8c:82:5c:48:
        f4:0c:e0:48:26:81:40:26:7b:98:e6:f5:03:b1:62:f8:93:51:
        f6:3a:ff:10:f4:44:9e:bc:78:ea:a8:76:23:39:36:27:22:46:
        67:ba:7d:5a:be:50:e1:ba:7a:8e:a1:35:bf:a7:8d:64:d0:35:
        55:ec:75:04:d1:cf:38:9f:a5:68:22:d8:de:38:75:e0:c6:92:
        87:50:80:25:89:8c:e9:37:65:b8:e0:74:67:2f:cf:08:c7:3f:
        a3:59:7e:95:52:3e:30:1d:52:4d:1f:e2:95:71:1e:bc:68:4f:
        f5:b1:45:da:1c:98:df:35:2b:62:5e:71:fa:22:5c:90:91:67:
        cb:7c:63:34:a1:21:af:06:3f:01:69:85:8c:e4:fa:d1:7c:a1:
        71:96:67:b5:66:b4:0c:83:24:45:cd:8b:2f:ac:8d:9e:b7:63:
        4c:0f:3d:de:51:48:e1:16:e1:9c:ee:df:14:fa:1e:15:49:89:
        b7:91:57:22

328564640 | 2024-05-08T08:40:50.801349

8080 / tcp

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Wed, 08 May 2024 08:40:50 GMT

61.91.126.56

Last Seen: 2024-05-12

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-1152336838 | 2024-05-09T11:45:29.333832
53 / udp

-945025830 | 2024-05-12T05:42:34.906562
80 / tcp

Apache httpd

-1009722136 | 2024-05-06T03:32:51.967967
443 / tcp

Apache httpd

-491554779 | 2024-05-01T22:01:57.843692
465 / tcp

Exim smtpd4.86

328564640 | 2024-05-08T08:40:50.801349
8080 / tcp

Apache Tomcat

Products

Pricing

Contact Us

61.91.126.56

Last Seen: 2024-05-12

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-1152336838 | 2024-05-09T11:45:29.333832 53 / udp

-945025830 | 2024-05-12T05:42:34.906562 80 / tcp

Apache httpd

-1009722136 | 2024-05-06T03:32:51.967967 443 / tcp

Apache httpd

-491554779 | 2024-05-01T22:01:57.843692 465 / tcp

Exim smtpd4.86

328564640 | 2024-05-08T08:40:50.801349 8080 / tcp

Apache Tomcat

Products

Pricing

Contact Us

-1152336838 | 2024-05-09T11:45:29.333832
53 / udp

-945025830 | 2024-05-12T05:42:34.906562
80 / tcp

-1009722136 | 2024-05-06T03:32:51.967967
443 / tcp

-491554779 | 2024-05-01T22:01:57.843692
465 / tcp

328564640 | 2024-05-08T08:40:50.801349
8080 / tcp