12 matches found
codeigniter -- multiple vulnerabilities
The CodeIgniter changelog reports: Fixed a header injection vulnerability in common function setstatusheader under Apache thanks to Guillermo Caminer from Flowgate. Fixed byte-safety issues in Encrypt Library DEPRECATED when mbstring.funcoverload is enabled. Fixed byte-safety issues in Encryption...
CVE-2007-2727
The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...
CVE-2014-5386
The mcryptcreateiv function in hphp/runtime/ext/mcrypt/extmcrypt.cpp in Facebook HipHop Virtual Machine HHVM before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single...
CVE-2014-5386
CVE-2014-5386 affects Facebook HHVM: the mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp does not seed the random number generator before HHVM 3.3.0, which enables remote attackers to defeat cryptographic protections by reusing a single initialization vector. Root cause is lac...
CVE-2014-5386
The mcryptcreateiv function in hphp/runtime/ext/mcrypt/extmcrypt.cpp in Facebook HipHop Virtual Machine HHVM before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single...
CVE-2007-2727
The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...
CVE-2007-2728
The soap extension in PHP calls phprandr with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcryptcreateiv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security issue...
Code injection
The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...
CVE-2007-2727
The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...
Sql injection
The soap extension in PHP calls phprandr with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcryptcreateiv issue covered by CVE-2007-2727...
CVE-2007-2727
CVE-2007-2727 affects PHP via mcrypt_create_iv using an uninitialized seed, causing a predictable IV and enabling context-dependent attackers to decrypt data more easily. The issue is fixed in PHP releases after the cited versions; patches were included in SuSE/OpenVAS advisories for PHP4/PHP5, a...
PHP mcrypt_create_iv不安全加密实现漏洞
PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP生成随机加密种子的算法上存在漏洞,远程攻击者可能利用此漏洞获取非授权访问。 PHP的mcryptcreateiv函数以未初始化的变量做为种子调用phprandr,导致生成器反复生成相同的IV,具体取决于系统的栈结构。在某些情况下栈结构可能导致生成完全可预测的种子,因此也会生成可预测的IV,而非随机的IV会导致较弱的加密算法。 PHP PHP = 5.2.1 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...