19 matches found
EUVD-2011-4875
Malware in sbrugna...
CVE-2021-41117 Insecure random number generation
keypair is an RSA PEM key generator written in JavaScript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This wou...
PHP <= 5.3.1 - LCG Entropy Security Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/38430/info PHP is prone to a security vulnerability that affects LCG Linear Congruential entropy. Attackers can exploit this issue to steal sessions or other sensitive data. Versions prior to PHP 5.2.13 are affected...
CVE-2011-4970
Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) r_token variable in the dpm_get_pending_req_by_token, (2) dpm_get_cpr_by_fullid, (3) dpm_get_cpr_by_surl, (4) dpm_get_cpr_by_surls, (5) dpm_get_gfr_by_fullid,...
Sql injection
Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) r_token variable in the dpm_get_pending_req_by_token, (2) dpm_get_cpr_by_fullid, (3) dpm_get_cpr_by_surl, (4) dpm_get_cpr_by_surls, (5) dpm_get_gfr_by_fullid,...
CVE-2011-4970
Multiple SQL injection vulnerabilities affect LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM. The issues enable remote attackers to execute arbitrary SQL commands via numerous parameters (e.g., dpm_get_pending_req_by_token, dpm_get_cpr_by_fullid, dpm_insert_cpr_entry, dpm_update_spc...
CVE-2011-4970
Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) r_token variable in the dpm_get_pending_req_by_token, (2) dpm_get_cpr_by_fullid, (3) dpm_get_cpr_by_surl, (4) dpm_get_cpr_by_surls, (5) dpm_get_gfr_by_fullid,...
CVE-2011-4970
Removed by vendor...
Weak Early Random PRNG Threatens iOS 7 Kernel Mitigations
VANCOUVER – A revamped early random number generator in iOS 7 is weaker than its vulnerable predecessor and generates predictable outcomes. A researcher today at CanSecWest said an attacker could brute force the Early Random PRNG used by Apple in its mobile operating system to bypass a number of...
LCG Disk Pool Manager SQL Injection
Name: Multiple SQL Injection vulnerabilities in Disk Pool Manager DPM Author: Adam Zabrocki Date: November 27, 2009 Yes, it's very old bug ;P Description: LCG Disk Pool Manager DPM has been developed as part of the LCG project to provide a light-weight implementation of an SRM compliant Storage...
php: LCG entropy weakness
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function...
Fedora 11 : maniadrive-1.2-18.fc11 / php-5.2.13-1.fc11 (2010-4114)
This release focuses on improving the stability of the PHP 5.2.x branch with over 40 bug fixes, some of which are security related, including: Fixed safe_mode validation inside tempnam when the directory path does not end with a / Fixed a possible open_basedir/safe_mode bypass in the sessio...
Fedora 12 : maniadrive-1.2-21.fc12 / php-5.3.2-1.fc12 (2010-4212)
This is a maintenance release in the 5.3 series, which includes a large number of bug fixes. Security Enhancements and Fixes in PHP 5.3.2: - Improved LCG entropy. Rasmus, Samy Kamkar - Fixed safe_mode validation inside tempnam when the directory path does not end with a /. Martin Jansen - Fixed a...
Mandriva Update for php MDVSA-2010:058 (php)
Check for the Version of php OpenVAS Vulnerability Test Mandriva Update for php MDVSA-2010:058 php Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
PHP < 5.2.13 Multiple Vulnerabilities
PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...
PHP < 5.3.2 / 5.2.13 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is older than 5.3.2 / 5.2.13. Such versions may be affected by several security issues: - Directory paths not ending with '/' may not be correctly validated inside 'tempnam' in 'safe_mode' configuration. - It may be possible...
PHP 5.3.1 - LCG Entropy Security
PHP 5.3.1 - LCG Entropy Security source: https://www.securityfocus.com/bid/38430/info PHP is prone to a security vulnerability that affects LCG Linear Congruential entropy. Attackers can exploit this issue to steal sessions or other sensitive data. Versions prior to PHP 5.2.13 are affected...
PHP 5.3.1 - LCG Entropy Security
source: https://www.securityfocus.com/bid/38430/info PHP is prone to a security vulnerability that affects LCG Linear Congruential entropy. Attackers can exploit this issue to steal sessions or other sensitive data. Versions prior to PHP 5.2.13 are affected...
PHP 5.3 < 5.3.1 Multiple Vulnerabilities
According to its banner, the version of PHP 5.3 installed on the remote host is older than 5.3.1. Such versions may be affected by several security issues: - Sanity checks are missing in exif processing. - It is possible to bypass the 'safe_mode' configuration setting using 'tempnam'. - It is...