EUVD-2021-25611

Malware in sbrugna...

CVE-2021-39249

Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mtrand function...

CVE-2021-39249

Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mtrand function...

Cross site scripting

Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mtrand function...

CVE-2021-39249

Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mtrand function...

CVE-2015-5267

lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mtrand function to implement the randomstring and complexrandomstring functions, which makes it easier for remote attackers to predict password-recovery tokens via a...

Default credentials

The myrand function in functions.php in MyBB aka MyBulletinBoard before 1.4.12 does not properly use the PHP mtrand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force atta...