
4 matches found

Huntr
added 2021/10/01 4:28 p.m., 8 views

Use of a Broken or Risky Cryptographic Algorithm in froxlor/froxlor

Description: Froxlor uses microtime to seed uniqid, which is then hashed to produce a session token. microtime can be reasonably brute-forced/predicted, thus allowing for a relatively large-scale account-takeover attack or accurate targeted ones. Both microtime and uniqid are cryptographically...

AI score: 3.5
Exploits: 0
OSV
added 2019/12/30 5:15 p.m., 1 views

CVE-2019-19735

class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes based only on microtime, which allows an attacker to guess the hash and set the password within a few hours by bruteforcing...

CVSS: 9.1, AI score: 7.3, EPSS: 0.00168
Exploits: 1, References: 2
Prion
added 2019/12/30 5:15 p.m., 12 views

Design/Logic Flaw

class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes based only on microtime, which allows an attacker to guess the hash and set the password within a few hours by bruteforcing...

CVSS: 6.4, AI score: 9.1, EPSS: 0.00168
Exploits: 1, References: 2, Affected Software: 1
seebug.org
added 2014/07/01 12:0 a.m., 30 views

LinPHA <= 1.3.1 (new_images.php) Remote Blind SQL Injection Exploit

No description provided by source. ?php / LinPHA = 1.3.1 newimages.php Remote Blind SQL Injection Hash Fishing Exploit / BENCHMARK method author...: EgiX mail.....: n0b0d1esathotmaildotcom link.....: http://linpha.sourceforge.net/ dork.....: LinPHA Version 1.3.x or The LinPHA developers vulnerabl...

AI score: 7.1
Exploits: 0