Установлен Apache 1.3.37 + PHP 4.4.5
SSS выдает следующие уязвимости...PHP PHPInfo Large Input Cross-Site Scripting Vulnerability
PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
PHP Multiple Unspecified Vulnerabilities
PHP is vulnerable to multiple unspecified vulnerabilities. These issues range from buffer-overflow to cross-site scripting vulnerabilities.The precise nature of these vulnerabilities is currently not known; this BID will be updated as further information becomes available.Some of the issues discussed may be related to other BIDs regarding PHP vulnerabilities.PHP Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities
PHP is prone to multiple 'safe_mode' and 'open_basedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to access sensitive information, or to write files in unauthorized locations.These vulnerabilities would be an issue in shared-hosting configurations where multiple users have the ability to create and execute arbitrary PHP script code, when the 'safe_mode' and 'open_basedir' restrictions are expected to isolate the users from each other.These issues are reported to affect PHP versions 4.4.2 and 5.1.2; other versions may also be vulnerable.PHP Html_Entity_Decode() Information Disclosure Vulnerability
PHP 'html_entity_decode()' function is prone to an information-disclosure vulnerability. This issue arises when a script using the function accepts data from a remote untrusted source and returns the function's result to an attacker.Information that the attacker gathers by exploiting this vulnerability may aid in other attacks.PHP versions prior to 5.1.3-RC1 are vulnerable to this issue.
может причина в параметрах php.ini ?
Обновите пхп.