Multiple vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting (XSS), Open Redirection, SQL Injection, Broken Authentication and Session Management, Insecure Randomness, Information Disclosure, Arbitrary Code Execution Component Type: TYPO3 Core Affected Versions: 4.1.13 and below,...
Researchers Improve Random-Number Generation with Forced Memory 'Twitching'
A German research team has now developed a true random number generator that uses an extra layer of randomness by making a computer memory element, a flip-flop, twitch randomly between its two states 1 or 0. Immediately prior to the switch, the flip-flop is in a “metastable state” where its...
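Linux Kernel get_random_int Function Insufficient Randomness Vulnerability
Linux kernel 2.6.x CVE ID: CVE-2009-3238 The Linux Kernel is the kernel used by the open-source operating system Linux. The get_random_int function in the Linux Kernel's drivers/char/random.c file generates numbers that are insufficiently random, so attackers can predict the return value relatively easily and bypass randomization-based protection mechanisms. Linux kernel 2.6.x Vendor patch: Linux ----- The vendor has released an upgrade patch that fixes this security issue; please download it from the vendor's home page:...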
kernel: random: add robust get_random_u32, remove weak get_random_int
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to...
PT-2009-5554 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.30 Description: The issue concerns the production of insufficiently random numbers by the get_random_int function, allowing attackers to predict the return value. This could potentially defeat protection...
CVE-2009-0255
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key...
Multiple vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Broken Authentication and Session Management, Cross-Site Scripting, Insecure Randomness and Remote Command Execution. Component Type: TYPO3 Core Affected Versions: TYPO3 versions 4.0.0 to 4.0.9, 4.1.0 to 4.1.7, 4.2.0 to 4.2.3 Vulnerability...
CVE-2008-4929
MyBB aka MyBulletinBoard 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames...
Design/Logic Flaw
MyBB aka MyBulletinBoard 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames...
CVE-2008-4929
MyBB aka MyBulletinBoard 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames...
PT-2008-6105 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: MyBB versions 1.4.2 Description: The issue is related to insufficient randomness used to compose filenames of uploaded files used as attachments. This makes it easier for remote attackers to read these files by guessing filenames...
Gentoo Security Advisory GLSA 200803-07 (paramiko)
The remote host is missing updates announced in advisory GLSA 200803-07. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 200804-22 (pdns-recursor)
The remote host is missing updates announced in advisory GLSA 200804-22. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200803-07 (paramiko)
The remote host is missing updates announced in advisory GLSA 200803-07. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
bind: implement source UDP port randomization (CERT VU#800113)
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referral...
[SECURITY] [DSA 1544-2] New pdns-recursor packages fix predictable randomness
Debian Security Advisory DSA-1544-2 [email protected] http://www.debian.org/security/ Florian Weimer July 16, 2008 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1544-2] New pdns-recursor packages fix predictable randomness
Debian Security Advisory DSA-1544-2 [email protected] http://www.debian.org/security/ Florian Weimer July 16, 2008 http://www.debian.org/security/faq -...
Spoofing
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referral...
CVE-2008-1447
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referral...
CVE-2008-1447
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referral...