9 matches found
EUVD-2007-2720
Malware in sbrugna...
SUSE CVE-2007-2728
The soap extension in PHP calls phprandr with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcryptcreateiv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security issue...
SUSE CVE-2007-2727
The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...
SuSE9 Security Update : PHP4 (YOU Patch Number 11666)
This update fixes multiple bugs in PHP : - Predictable generaton of an initialization vector IV in the mcrypt extension - Additional cookie attributes could be injected via a session ID. - Specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3980)
This update fixes multiple bugs in php : - predictable generaton of an initialization vector IV in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3978)
This update fixes multiple bugs in php : - predictable generaton of an initialization vector IV in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3979)
This update fixes multiple bugs in php : - predictable generaton of an initialization vector IV in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...
Sql injection
The soap extension in PHP calls phprandr with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcryptcreateiv issue covered by CVE-2007-2727...
CVE-2007-2727
CVE-2007-2727 affects PHP via mcrypt_create_iv using an uninitialized seed, causing a predictable IV and enabling context-dependent attackers to decrypt data more easily. The issue is fixed in PHP releases after the cited versions; patches were included in SuSE/OpenVAS advisories for PHP4/PHP5, a...