5 matches found
EUVD-2010-5030
Malware in sbrugna...
Design/Logic Flaw
The createRandomPassword function in includes/functionscommon.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which makes it easier for remote attackers to determine randomly generated passwords via a brute-force attack...
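MyBB <= 1.4.11 Forum Password Reset Weak Random Number Vulnerability
BUGTRAQ ID: 39404. MyBB is a popular web forum application. MyBB's password reset implementation uses weak random numbers when generating password reset tokens and random passwords; if the web server reuses PHP processes, an attacker can crack the password and take over any account. MyBB uses the mt_srand function to seed the random number generator in several places: // Setup a unique posthash for attachment management if(!$mybb->input['posthash'] && $mybb->input['action'] != "editdraft") { mt_srand((double) microtime() * 1000000); $postha...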
Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Joomla Weak Random Password Reset Token Vulnerability Release Date: 2008/09/11 Last Modified: 2008/09/11 Author: Stefan Esser [stefan.esser[at]sektioneins.de] Application: Joomla = 1.5....
PunBB 1.2.16 - Blind Password Recovery
^0-94-0-92-0-92/td/', $s, $m; if count$m define'DATE', mktime0, 0, 0, $m2, $m3, $m1; else define'DATE', time - 86400; //just in case, the forum or account just has been created printf"Admin : %s\nDate : %s\n--\n", ADMIN, DATE; $h = curlinit; curlsetopt$h,...