This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing one or more security
A cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP
<= 5.1.2 allows remote attackers to inject arbitrary web script or
HTML via long array variables, including (1) a large number of
dimensions or (2) long values, which prevents HTML tags from being
Directory traversal vulnerability in file.c in PHP <= 5.1.2 allows
local users to bypass open_basedir restrictions and allows remote
attackers to create files in arbitrary directories via the tempnam
The copy function in file.c in PHP <= 5.1.2 allows local users to
bypass safe mode and read arbitrary files via a source argument
containing a compress.zlib:// URI. (CVE-2006-1608)
Updated packages have been patched to address these issues. After
upgrading these packages, please run 'service httpd restart'.
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 4.3