
72 matches found

Prion
added 2013/12/07 9:55 p.m. | 27 views

Security feature bypass

Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack...

6.8 CVSS | 7.1 AI score | 0.00375 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
UbuntuCve
added 2013/12/07 9:55 p.m. | 27 views

CVE-2013-6386

Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack...

6.8 CVSS | 5.9 AI score | 0.00375 EPSS
Exploits: 0 | References: 2
CVE
added 2013/12/07 9:0 p.m. | 128 views

CVE-2013-6386

Drupal 6.x before 6.29 and 7.x before 7.24 uses PHP mt_rand with predictable seeds, allowing remote attackers to predict security strings and bypass restrictions via brute force. Impact includes potential unauthorized access or bypass of protections as described in multiple advisories. Mitigation...

6.8 CVSS | 6.5 AI score | 0.00375 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
Tenable Nessus
added 2013/12/06 12:0 a.m. | 18 views

FreeBSD : drupal -- multiple vulnerabilities (d9649816-5e0d-11e3-8d23-3c970e169bc2)

Drupal Security Team reports : Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. - Multiple vulnerabilities due to optimistic cross-site request forgery protection Form API validation - Drupal 6 and 7 - Multiple vulnerabilities due to weakness in pseudorandom numb...

5.3 AI score
Exploits: 0 | References: 2
Tenable Nessus
added 2013/11/30 12:0 a.m. | 46 views

Drupal 7.x < 7.24 Multiple Vulnerabilities

The remote web server is running a version of Drupal that is 7.x prior to 7.24. It is, therefore, potentially affected by multiple vulnerabilities : - An error exists related to the HTML form API and validation callbacks as used by third-party modules that could allow an attacker to bypass the...

6.8 CVSS | 6 AI score | 0.02471 EPSS
Exploits: 0 | References: 7
Tenable Nessus
added 2013/11/27 12:0 a.m. | 38 views

Mandriva Linux Security Advisory : drupal (MDVSA-2013:287-1)

Multiple security issues were identified and fixed in drupal : Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high...

6.8 CVSS | 5 AI score | 0.02471 EPSS
Exploits: 0 | References: 8
FreeBSD
added 2013/11/20 12:0 a.m. | 14 views

drupal -- multiple vulnerabilities

Drupal Security Team reports: Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Multiple vulnerabilities due to optimistic cross-site request forgery protection Form API validation - Drupal 6 and 7 Multiple vulnerabilities due to weakness in pseudorandom number...

0.6 AI score
Exploits: 0 | References: 1
seebug.org
added 2011/04/22 12:0 a.m. | 25 views

PHP <5.3.4 mt_rand function integer overflow vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
NVD
added 2011/02/02 10:0 p.m. | 11 views

CVE-2011-0755

Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax...

5 CVSS | 9.6 AI score | 0.00408 EPSS
Exploits: 1 | References: 4
Prion
added 2011/02/02 10:0 p.m. | 10 views

Integer overflow

Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax...

5 CVSS | 7.2 AI score | 0.00408 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
UbuntuCve
added 2011/02/02 10:0 p.m. | 13 views

CVE-2011-0755

Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax...

5 CVSS | 5.9 AI score | 0.00408 EPSS
Exploits: 1 | References: 1
Cvelist
added 2011/02/02 9:0 p.m. | 15 views

CVE-2011-0755

Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax...

9.5 AI score | 0.00408 EPSS
Exploits: 1 | References: 4
Prion
added 2010/12/30 9:0 p.m. | 12 views

Default credentials

The my_rand function in functions.php in MyBB aka MyBulletinBoard before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force atta...

5.1 CVSS | 7.3 AI score | 0.01334 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
Tenable Nessus
added 2010/12/10 12:0 a.m. | 52 views

PHP 5.3 < 5.3.4 Multiple Vulnerabilities

Binary data 801074.prm...

6.8 CVSS | 7.6 AI score | 0.30526 EPSS
Exploits: 20 | References: 19
Tenable Nessus
added 2010/12/10 12:0 a.m. | 25 views

PHP 5.3.x < 5.3.4 Multiple Vulnerabilities

Binary data 5732.prm...

6.8 CVSS | 7.6 AI score | 0.30526 EPSS
Exploits: 20 | References: 19
UbuntuCve
added 2008/09/18 5:59 p.m. | 32 views

CVE-2008-4107

The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x an...

5.1 CVSS | 5.9 AI score | 0.10372 EPSS
Exploits: 0 | References: 1
CVE
added 2008/09/18 5:47 p.m. | 85 views

CVE-2008-4107

CVE-2008-4107 (and related CVEs CVE-2008-2107/2108) involves PHP 5.2.x generating non-cryptographically strong random numbers due to flaws in rand/mt_rand seeding. The Initial Description notes this weakness affected security‑relevant functionality (password reset in Joomla! 1.5.x and WordPress p...

5.1 CVSS | 9.5 AI score | 0.10372 EPSS
Exploits: 0 | References: 19 | Affected Software: 1
Cvelist
added 2008/09/18 5:47 p.m. | 27 views

CVE-2008-4107

The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x an...

9.5 AI score | 0.10372 EPSS
Exploits: 0 | References: 19
securityvulns
added 2008/09/13 12:0 a.m. | 32 views

Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Joomla Weak Random Password Reset Token Vulnerability Release Date: 2008/09/11 Last Modified: 2008/09/11 Author: Stefan Esser stefan.esseratsektioneins.de Application: Joomla = 1.5....

7.5 AI score
Exploits: 0
securityvulns
added 2008/09/13 12:0 a.m. | 25 views

Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Joomla Weak Random Password Reset Token Vulnerability Release Date: 2008/09/11 Last Modified: 2008/09/11 Author: Stefan Esser stefan.esseratsektioneins.de Application: Joomla = 1.5....

7.5 AI score
Exploits: 0