247 matches found

CVE
added 2009/09/18 10:0 a.m. | 107 views

CVE-2009-3238

CVE-2009-3238 affects the Linux kernel (pre-2.6.30) where get_random_int in drivers/char/random.c produced insufficiently random numbers, enabling prediction of return values and potentially defeating defenses based on randomness. Several OS advisories (e.g., RHSA-2009:1438, ELSA-2009-1106/1438, ...

CVSS 7.8 | AI score 5.7 | EPSS 0.01632
Exploits: 2 | References: 13 | Affected Software: 1
Exploit DB
added 2009/08/31 12:0 a.m. | 28 views

Google Chrome 6.0.472 - 'Math.Random()' Random Number Generation

source: https://www.securityfocus.com/bid/36185/info. Google Chrome is prone to a security vulnerability that may allow the application to generate weak random numbers. Successfully exploiting this issue may allow attackers to obtain sensitive information or gain unauthorized access. Chrome 3.0 Beta...

AI score 7.4
Exploits: 0
Prion
added 2009/06/10 6:0 p.m. | 18 views

Session fixation

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session...

CVSS 5 | AI score 6.6 | EPSS 0.02335
Exploits: 3 | References: 12 | Affected Software: 1
UbuntuCve
added 2009/06/10 6:0 p.m. | 20 views

CVE-2009-1696

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session...

CVSS 5 | AI score 5.9 | EPSS 0.02335
Exploits: 3 | References: 1
NVD
added 2009/06/10 6:0 p.m. | 19 views

CVE-2009-1696

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session...

CVSS 5 | AI score 7.2 | EPSS 0.02335
Exploits: 3 | References: 12
Cvelist
added 2009/06/10 5:37 p.m. | 22 views

CVE-2009-1696

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session...

AI score 7.3 | EPSS 0.02335
Exploits: 3 | References: 12
Debian CVE
added 2009/06/10 5:37 p.m. | 27 views

CVE-2009-1696

Removed by vendor...

CVSS 5 | AI score 6.7 | EPSS 0.02335
Exploits: 3
RedHat Linux
added 2009/06/03 3:36 p.m. | 47 views

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

Updated kernel-rt packages that fix several security issues and various bugs are now available for Red Hat Enterprise MRG 1.1.3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel-rt packages contain the Linux kernel, the core of any...

CVSS 7.8 | AI score 6.2 | EPSS 0.04268
Exploits: 3 | References: 9
UbuntuCve
added 2009/05/14 5:30 p.m. | 21 views

CVE-2009-1629

ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack...

CVSS 6.8 | AI score 5.9 | EPSS 0.02325
Exploits: 1 | References: 1
Prion
added 2009/02/09 5:30 p.m. | 28 views

Cross site request forgery (csrf)

Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protectio...

CVSS 7.5 | AI score 7.3 | EPSS 0.00571
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2009/02/09 5:30 p.m. | 20 views

CVE-2009-0486

Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protectio...

CVSS 7.5 | AI score 6.7 | EPSS 0.00571
Exploits: 0 | References: 5
Tenable Nessus
added 2008/11/17 12:0 a.m. | 236 views

GLSA-200811-05 : PHP: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200811-05 (PHP: Multiple vulnerabilities). Several vulnerabilities were found in PHP: PHP ships a vulnerable version of the PCRE library which allows for the circumvention of security restrictions or even for remote code execution i...

CVSS 10 | AI score 8.6 | EPSS 0.13923
Exploits: 21 | References: 15
NVD
added 2008/09/18 5:59 p.m. | 27 views

CVE-2008-4107

The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x an...

CVSS 5.1 | AI score 9.4 | EPSS 0.03013
Exploits: 0 | References: 19
Prion
added 2008/09/18 5:59 p.m. | 43 views

Default credentials

The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x an...

CVSS 5.1 | AI score 6.3 | EPSS 0.04289
Exploits: 2 | References: 19 | Affected Software: 1
Tenable Nessus
added 2008/06/04 12:0 a.m. | 22 views

openSUSE 10 Security Update : pdns (pdns-5242)

pdns used predictable random numbers for DNS responses. Therefore attackers could generate spoofed DNS responses (CVE-2008-1637). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update pdns-5242. The te...

CVSS 6.8 | AI score 5.2 | EPSS 0.03964
Exploits: 1 | References: 1
Prion
added 2008/03/24 11:44 p.m. | 13 views

Design/Logic Flaw

The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE:...

CVSS 3.5 | AI score 6.6 | EPSS 0.04523
Exploits: 0 | References: 8 | Affected Software: 1
Cvelist
added 2008/03/24 11:0 p.m. | 17 views

CVE-2008-1484

The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE:...

AI score 6.3 | EPSS 0.04523
Exploits: 0 | References: 8
CVE
added 2008/03/24 11:0 p.m. | 41 views

CVE-2008-1484

PunBB 1.2.16 and earlier has a vulnerability in the password reset mechanism where the seed for the reset token is derived from the system time, enabling remote authenticated users to brute-force and determine a new password. The issue affects PunBB’s password reset function and can be exploited ...

CVSS 3.5 | AI score 6.3 | EPSS 0.04523
Exploits: 0 | References: 8 | Affected Software: 1
securityvulns
added 2008/02/22 12:0 a.m. | 45 views

Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PunBB Blind Password Recovery Vulnerability Release Date: 2008/02/20 Last Modified: 2008/02/20 Author: Stefan Esser stefan.esseratsektioneins.de Application: PunBB = 1.2.16 Severity...

AI score 7.2
Exploits: 0
Debian CVE
added 2007/07/24 5:0 p.m. | 32 views

CVE-2007-2926

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning...

CVSS 4.3 | AI score 7.6 | EPSS 0.1309
Exploits: 0