Shodan

172.105.38.93

Regular View Raw Data Timeline
Last Seen: 2025-03-23

GeneralInformation

Hostnames li1990-93.members.linode.com
clientarea.technocravers.com
Domains linode.com technocravers.com 
Cloud Provider Linode
Cloud Region in-mh
Country India
City Mumbai
Organization Linode
ISP Akamai Connected Cloud
ASN AS63949

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2024(1)
CVE-2024-25117
6.8php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP < 8.0, and doesn't validate if external references are allowed. This might leads to bypass of restrictions or RCE on projects that are using it, if they do not strictly revalidate the fontName that is passed by php-svg-lib. The `Style::fromAttributes(`), or the `Style::parseCssStyle()` should check the content of the `font-family` and prevents it to use a PHAR url, to avoid passing an invalid and dangerous `fontName` value to other libraries. The same check as done in the `Style::fromStyleSheets` might be reused. Libraries using this library as a dependency might be vulnerable to some bypass of restrictions, or even remote code execution, if they do not double check the value of the `fontName` that is passed by php-svg-lib. Version 0.5.2 contains a fix for this issue.
2022(4)
CVE-2022-37454
9.8The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
CVE-2022-31629
6.5In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
CVE-2022-31628
2.3In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
CVE-2022-4900
6.2A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.
2020(3)
CVE-2020-7070
4.3In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.
CVE-2020-7069
5.4In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
CVE-2020-7068
4.8In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
2019(1)
CVE-2019-11048
5.3In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.
2017(1)
CVE-2017-8923
9.8The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
2013(1)
CVE-2013-2220
7.5Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value.
2007(1)
CVE-2007-3205
5.0The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.

OpenPorts

21 / tcp
415234638 | 2025-03-20T23:35:44.923724
25 / tcp
1465125220 | 2025-03-01T01:52:00.310409
53 / tcp
-916143117 | 2025-03-22T15:35:01.855865
53 / udp
-916143117 | 2025-03-11T13:52:22.410756
80 / tcp
-1154764451 | 2025-03-15T11:03:24.257278
110 / tcp
1952082069 | 2025-03-10T12:48:37.019026
443 / tcp
-1154764451 | 2025-03-23T22:13:10.680648
465 / tcp
707270347 | 2025-03-06T03:23:30.736107
993 / tcp
1520541986 | 2025-03-23T13:50:52.383657
995 / tcp
-1001764030 | 2025-03-14T22:22:49.603144
2031 / tcp
-212497420 | 2025-02-24T21:16:35.245253
2082 / tcp
-561447747 | 2025-03-13T19:55:15.544526
2083 / tcp
-212497420 | 2025-03-13T19:55:18.591435
2086 / tcp
-561447747 | 2025-03-14T12:34:34.783559
2087 / tcp
1018864518 | 2025-03-20T04:43:47.114536
3306 / tcp
-629368106 | 2025-03-20T14:39:01.538447



Products
Pricing
Contact Us

Shodan ® - All rights reserved