• This alert was generated using only banner information. It may be a false positive.
  
  Stefan Esser reported some vulnerabilities in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.The vulnerabilities are caused due to boundary errors within the "htmlentities()" and "htmlspecialchars()" functions. If a PHP application uses these functions to process user-supplied input, this can be exploited to cause a heap-based buffer overflow by passing specially crafted data to the affected application. Successful exploitation may allow execution of arbitrary code, but requires that the UTF-8 character set is selected. For a detailed explanation of the vulnerability read the referenced article.
  Vendor has released PHP 5.2.0 which fixes this issue.
  
  Affected PHP versions (up to 4.4.4/5.1.6).
  

• Upgrade PHP to the latest version.

• • PHP HTML Entity Encoder Heap Overflow Vulnerability
  • PHP Homepage

• 

• CVE-2006-5465

• CWE-119

• Denial Of Service Missing Update

• WordPress Plugin yolink Search for WordPress 'bulkcrawl.php' SQL Injection (1.1.4)
• PHP unserialize() used on user input
• Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4)
• WordPress Plugin Visitors Online by BestWebSoft Cross-Site Scripting (0.9)
• WordPress Plugin Ads in bottom right Multiple Vulnerabilities (1.0)