21 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2011-0767

Malware in sbrugna...

CVSS 5 | AI score 6.1 | EPSS 0.00408
Exploits 1 | References 6
RedhatCVE
added 2025/05/22 8:12 p.m. | 5 views

CVE-2021-39249

Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function...

CVSS 6.1 | AI score 6.2 | EPSS 0.00243
Exploits 1 | References 1
SUSE CVE
added 2023/02/15 5:54 a.m. | 2 views

SUSE CVE-2011-0755

Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax...

CVSS 5 | AI score 7.1 | EPSS 0.00408
Exploits 1 | References 4
OSV
added 2022/05/13 1:12 a.m. | 13 views

GHSA-382V-GXJ9-FFHC Moodle uses predictable password-recovery tokens

lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mt_rand function to implement the random_string and complex_random_string functions, which makes it easier for remote attackers to predict password-recovery tokens via a...

CVSS 7.5 | AI score 7.4 | EPSS 0.00401
Exploits 0 | References 10
OSV
added 2021/08/30 4:15 p.m. | 8 views

CVE-2021-27913

The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under...

CVSS 3.5 | AI score 4
Exploits 0 | References 1
NVD
added 2021/08/30 4:15 p.m. | 7 views

CVE-2021-27913

The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under...

CVSS 3.5 | EPSS 0.00089
Exploits 1 | References 1
Prion
added 2021/08/30 4:15 p.m. | 11 views

Design/Logic Flaw

The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under...

CVSS 3.5 | AI score 4 | EPSS 0.00089
Exploits 1 | References 1 | Affected Software 1
NVD
added 2021/08/17 11:15 p.m. | 7 views

CVE-2021-39249

Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function...

CVSS 6.1 | EPSS 0.00243
Exploits 1 | References 2
Huntr
added 2021/06/23 2:49 p.m. | 12 views

in phpservermon/phpservermon

✍️ Description The random number generator implemented by mt_rand cannot withstand a cryptographic attack. Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. In this case the function that generates...

AI score 0.4
Exploits 0 | References 2
Huntr
added 2021/06/20 4:26 p.m. | 10 views

in phpservermon/phpservermon

✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. This code uses the rand function to generate "unique" identifiers for the receipt pages it generates. In this case the function that...

AI score 1.5
Exploits 0 | References 2
Veracode
added 2017/07/26 3:4 a.m. | 20 views

Predictable Password Recovery

Moodle is vulnerable to predictable password recovery. The vulnerability exists because of not enough randomization of PHP mt_rand function used in random_string and complex_random_string functions...

CVSS 7.5 | AI score 7.6 | EPSS 0.00401
Exploits 0 | References 5 | Affected Software 1
NVD
added 2016/02/22 5:59 a.m. | 14 views

CVE-2015-5267

lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mt_rand function to implement the random_string and complex_random_string functions, which makes it easier for remote attackers to predict password-recovery tokens via a...

CVSS 7.5 | AI score 7.6 | EPSS 0.00401
Exploits 0 | References 4
Tenable Nessus
added 2013/11/30 12:0 a.m. | 46 views

Drupal 7.x < 7.24 Multiple Vulnerabilities

The remote web server is running a version of Drupal that is 7.x prior to 7.24. It is, therefore, potentially affected by multiple vulnerabilities : - An error exists related to the HTML form API and validation callbacks as used by third-party modules that could allow an attacker to bypass the...

CVSS 6.8 | AI score 6 | EPSS 0.02471
Exploits 0 | References 7
seebug.org
added 2011/04/22 12:0 a.m. | 24 views

PHP <5.3.4 mt_rand function integer overflow vulnerability

No description provided by source...

AI score 7.1
Exploits 0
NVD
added 2011/02/02 10:0 p.m. | 9 views

CVE-2011-0755

Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax...

CVSS 5 | AI score 9.6 | EPSS 0.00408
Exploits 1 | References 4
UbuntuCve
added 2011/02/02 10:0 p.m. | 13 views

CVE-2011-0755

Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax...

CVSS 5 | AI score 5.9 | EPSS 0.00408
Exploits 1 | References 1
UbuntuCve
added 2008/05/07 9:20 p.m. | 34 views

CVE-2008-2108

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against...

CVSS 9.8 | AI score 7.2 | EPSS 0.05607
Exploits 1 | References 2
NVD
added 2008/05/07 9:20 p.m. | 14 views

CVE-2008-2107

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions an...

CVSS 7.5 | AI score 9.5 | EPSS 0.03088
Exploits 1 | References 32
CVE
added 2008/05/07 9:0 p.m. | 112 views

CVE-2008-2108

CVE-2008-2108 affects PHP 4.x prior to 4.4.8 and PHP 5.x prior to 5.2.5 on 64-bit systems. The GENERATE_SEED macro’s precision loss during 64-bit multiplication yields only 24 bits of entropy, making brute‑force attacks against protections using rand/mt_rand easier. The issue is fixed in the adve...

CVSS 9.8 | AI score 9.4 | EPSS 0.05607
Exploits 1 | References 29 | Affected Software 1
CVE
added 2008/05/07 9:0 p.m. | 114 views

CVE-2008-2107

The CVE concerns PHP’s GENERATE_SEED macro on 32-bit builds, where a rare multiplication can yield a zero seed, allowing an attacker to predict subsequent values of rand() and mt_rand(). Affected are PHP 4.x before 4.4.8 and 5.x before 5.2.5; multiple advisories note this issue across Linux distr...

CVSS 7.5 | AI score 9.5 | EPSS 0.03088
Exploits 1 | References 32 | Affected Software 1