The remote web server uses a version of PHP that is affected by multiple vulnerabilities.
Versions of PHP 5.3 earlier than 5.3.7 are potentially affected by multiple vulnerabilities : - A stack buffer overflow exists in socket_connect(). (CVE-2011-1938) - A use-after-free vulnerability exists in substr_replace(). (CVE-2011-1148) - A code execution vulnerability exists in ZipArchive: : addGlob(). (CVE-2011-1657) - crypt_blowfish was updated to 1.2. (CVE-2011-2483) - Multiple null pointer dereferences exist. - An unspecified crash exists in error_log(). - A buffer overflow vulnerability exists in crypt(). - A flaw exists in the php_win32_get_random_bytes() function when passing MCRYPT_DEV_URANDOM as source to mcrypt_create_iv(). A remote attacker can exploit this to cause a denial of service condition. (OSVDB 126477)