192.169.173.98

Regular View Raw Data Timeline
Last Seen: 2025-02-12
Tags:
eol-product

GeneralInformation

Hostnames bingbangfireworks.com
www.bingbangfireworks.com
98.173.169.192.host.secureserver.net
prod.phx3.secureserver.net
Domains bingbangfireworks.com secureserver.net 
Country United States
City Phoenix
Organization GoDaddy.com, LLC
ISP GoDaddy.com, LLC
ASN AS398101

WebTechnologies

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2024
CVE-2024-25117
6.8php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP < 8.0, and doesn't validate if external references are allowed. This might leads to bypass of restrictions or RCE on projects that are using it, if they do not strictly revalidate the fontName that is passed by php-svg-lib. The `Style::fromAttributes(`), or the `Style::parseCssStyle()` should check the content of the `font-family` and prevents it to use a PHAR url, to avoid passing an invalid and dangerous `fontName` value to other libraries. The same check as done in the `Style::fromStyleSheets` might be reused. Libraries using this library as a dependency might be vulnerable to some bypass of restrictions, or even remote code execution, if they do not double check the value of the `fontName` that is passed by php-svg-lib. Version 0.5.2 contains a fix for this issue.
CVE-2024-5458
5.3In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.
2022
CVE-2022-4900
6.2A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.
2013
CVE-2013-2220
7.5Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value.
2007
CVE-2007-3205
5.0The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.

OpenPorts

80 / tcp
-791974071 | 2025-02-12T16:13:12.773389
443 / tcp
0 | 2025-02-03T06:09:28.501805
993 / tcp
-1132241830 | 2025-02-01T21:12:35.398368
2087 / tcp
-1992420630 | 2025-01-31T02:46:41.192317



Contact Us

Shodan ® - All rights reserved