21 matches found
CVE-2026-9421
A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...
CVE-2026-9421
A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...
CVE-2026-9421
A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...
CVE-2026-9421 KLiK SocialMediaWebsite File upload.inc.php uniqid unrestricted upload
A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...
CVE-2026-9421 KLiK SocialMediaWebsite File upload.inc.php uniqid unrestricted upload
A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...
PT-2026-42999
A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...
CVE-2025-34433
AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution vulnerability caused by predictable generation of an installation salt using PHP uniqid. The installation timestamp is exposed via a public endpoint, and a derived hash identifier is accessible through...
EUVD-2016-3638
Malware in sbrugna...
EUVD-2021-10076
Malware in sbrugna...
EUVD-2022-1704
Malicious code in bioql PyPI...
SUSE CVE-2010-1128
The Linear Congruential Generator LCG in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function...
CVE-2022-0828
The Download Manager WordPress plugin before 3.2.34 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the...
revive-adserver 安全特征问题漏洞
revive-adserver is an open source ad server licensed under the GNU General Public License. A security signature issue vulnerability exists in revive-adserver, which stems from a vulnerability in revive-adserver's generation of session IDs, based on the password-insecure uniqid PHP function...
PT-2021-15291 · Unknown · Revive Adserver
Name of the Vulnerable Software and Affected Versions: revive-adserver versions prior to 5.3.0 Description: The issue is related to the generation of session IDs, which is based on the cryptographically insecure uniqid PHP function. This could potentially allow an attacker to brute force session...
TYPO3 Security Feature Issue Vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. A security signature issue vulnerability exists in the 'uniqid' function in TYPO3, which can be exploited by an attacker to brute-force hash values...
CVE-2010-3666
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function...
CVE-2010-3666
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function...
Design/Logic Flaw
Invision Power Services IPS Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the moreentropy flag. Attackers can guess an Invision Power Board session cookie if they can predict the exact time of cookie generation...
Design/Logic Flaw
The Linear Congruential Generator LCG in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function...
CVE-2010-1128
The Linear Congruential Generator LCG in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function...