Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-2720

Malware in sbrugna...

5CVSS7.3AI score0.02424EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.3 views

SUSE CVE-2007-2728

The soap extension in PHP calls phprandr with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcryptcreateiv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security issue...

5CVSS7AI score0.02424EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.4 views

SUSE CVE-2007-2727

The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...

2.6CVSS7.1AI score0.0186EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2009/09/24 12:0 a.m.51 views

SuSE9 Security Update : PHP4 (YOU Patch Number 11666)

This update fixes multiple bugs in PHP : - Predictable generaton of an initialization vector IV in the mcrypt extension - Additional cookie attributes could be injected via a session ID. - Specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...

5CVSS6.5AI score0.07919EPSS
Exploits2References14
Tenable Nessus
Tenable Nessus
added 2007/12/13 12:0 a.m.33 views

SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3980)

This update fixes multiple bugs in php : - predictable generaton of an initialization vector IV in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...

5CVSS6.5AI score0.07919EPSS
Exploits2References18
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.43 views

openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3978)

This update fixes multiple bugs in php : - predictable generaton of an initialization vector IV in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...

5CVSS6.5AI score0.07919EPSS
Exploits2References8
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.39 views

openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3979)

This update fixes multiple bugs in php : - predictable generaton of an initialization vector IV in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...

5CVSS6.5AI score0.07919EPSS
Exploits2References8
Prion
Prion
added 2007/05/16 10:30 p.m.22 views

Sql injection

The soap extension in PHP calls phprandr with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcryptcreateiv issue covered by CVE-2007-2727...

5CVSS6.5AI score0.02424EPSS
Exploits1References9Affected Software1
CVE
CVE
added 2007/05/16 10:0 p.m.70 views

CVE-2007-2727

CVE-2007-2727 affects PHP via mcrypt_create_iv using an uninitialized seed, causing a predictable IV and enabling context-dependent attackers to decrypt data more easily. The issue is fixed in PHP releases after the cited versions; patches were included in SuSE/OpenVAS advisories for PHP4/PHP5, a...

2.6CVSS7.5AI score0.0186EPSS
Exploits1References10Affected Software1
Rows per page
Query Builder