88.198.67.178

Regular View Raw Data Timeline
Last Seen: 2025-02-15

GeneralInformation

Hostnames allofspain.com
www.allofspain.com
main.hostnetwork.ro
Domains allofspain.com hostnetwork.ro 
Country Germany
City Falkenstein
Organization Network Address for Servers
ISP Hetzner Online GmbH
ASN AS24940

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2024
CVE-2024-25117
6.8php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP < 8.0, and doesn't validate if external references are allowed. This might leads to bypass of restrictions or RCE on projects that are using it, if they do not strictly revalidate the fontName that is passed by php-svg-lib. The `Style::fromAttributes(`), or the `Style::parseCssStyle()` should check the content of the `font-family` and prevents it to use a PHAR url, to avoid passing an invalid and dangerous `fontName` value to other libraries. The same check as done in the `Style::fromStyleSheets` might be reused. Libraries using this library as a dependency might be vulnerable to some bypass of restrictions, or even remote code execution, if they do not double check the value of the `fontName` that is passed by php-svg-lib. Version 0.5.2 contains a fix for this issue.
CVE-2024-5458
5.3In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.
2023
CVE-2023-32315
8.6Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice.
2022
CVE-2022-4900
6.2A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.
2021
CVE-2021-45967
9.8An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.
2019
CVE-2019-18394
9.8A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.
CVE-2019-18393
5.3PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
CVE-2019-15488
6.1Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.
2017
CVE-2017-15911
4.8The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application.
2013
CVE-2013-2220
7.5Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value.
2007
CVE-2007-3205
5.0The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.
21 / tcp
-1277272547 | 2025-02-11T09:45:13.991873
25 / tcp
-43885814 | 2025-02-15T01:27:57.395664
53 / tcp
-1606698947 | 2025-02-15T08:06:23.643748
53 / udp
-1606698947 | 2025-02-14T13:31:07.065660
80 / tcp
260722351 | 2025-02-12T04:39:15.636112
110 / tcp
1952082069 | 2025-02-14T01:45:08.084064
143 / tcp
1459320369 | 2025-02-12T11:47:56.343925
443 / tcp
-911306123 | 2025-02-11T08:43:39.672809
465 / tcp
573725075 | 2025-02-14T17:50:39.390504
587 / tcp
-2037162311 | 2025-02-02T23:14:51.387233
993 / tcp
1835310628 | 2025-02-15T02:28:22.699791
995 / tcp
-1001764030 | 2025-01-28T23:58:06.560940
3306 / tcp
2072209720 | 2025-02-05T15:27:29.904655
5222 / tcp
1113798502 | 2025-01-31T13:25:59.458119
5269 / tcp
805542333 | 2025-02-11T16:09:48.092621
7070 / tcp
1605054563 | 2025-01-29T10:47:41.451638
7443 / tcp
-1330388321 | 2025-02-11T13:44:48.791776
9090 / tcp
-989365817 | 2025-01-31T23:38:52.830536



Contact Us

Shodan ® - All rights reserved