Magento CMS Predictable Random Number Generation Vulnerability

Magento CMS is the United States Magento company's set of open source PHP e-commerce content management system CMS. A predictable random number generation vulnerability exists in Magento CMS Attackers can exploit this vulnerability to predict random numbers and infer passwords...

expat: multiple issues

CVE-2012-6702 predictable random numbers It was found that when calling XMLParse ahead of rand, it causes the pseudo random generator to generate non-random predictable numbers. - CVE-2016-5300 denial of service It was found that original fix for CVE-2012-0876 used too little entropy for the hash...

lib32-expat: multiple issues

CVE-2012-6702 predictable random numbers It was found that when calling XMLParse ahead of rand, it causes the pseudo random generator to generate non-random predictable numbers. - CVE-2016-5300 denial of service It was found that original fix for CVE-2012-0876 used too little entropy for the hash...

Debian DSA-3562-1 : tardiff - security update

Several vulnerabilities were discovered in tardiff, a tarball comparison tool. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-0857 Rainer Mueller and Florian Weimer discovered that tardiff is prone to shell command injections via shell...

[SECURITY] [DSA 3562-1] tardiff security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3562-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 01, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3562-1] tardiff security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3562-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 01, 2016 https://www.debian.org/security/faq -...

Debian Security Advisory DSA 3562-1 (tardiff - security update)

Several vulnerabilities were discovered in tardiff, a tarball comparison tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0857 Rainer Mueller and Florian Weimer discovered that tardiff is prone to shell command injections via shell meta-characters...

Debian: Security Advisory (DSA-3562-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PHP 'openssl_random_pseudo_bytes()' function design vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. There is a security vulnerability in PHP that can be exploited by an attacker to cause the program to generate predictable random numbers...

FreeBSD : ansible -- use of predictable paths in lxc_container (253c6889-06f0-11e6-925f-6805ca0b3d42)

Ansible developers report : CVE-2016-3096: do not use predictable paths in lxccontainer - do not use a predictable filename for the LXC attach script - don't use predictable filenames for LXC attach script logging - don't set a predictable archivepath this should prevent symlink attacks which cou...

openSUSE Security Update : gcc5 (openSUSE-2016-472)

The GNU Compiler Collection was updated to version 5.3.1, which brings several fixes and enhancements. The following security issue has been fixed : - Fix C++11 std::randomdevice short read issue that could lead to predictable randomness. CVE-2015-5276, bsc945842 The following non-security issues...

The vulnerability of the microprogrammed software of the N600 DB Belkin F9K1102 allows a hacker to replace the responses to requests.

The vulnerability of the N600 DB Belkin F9K1102 router’s microprogramming software exists due to the use of an incorrect algorithm for selecting the value of the ID in the DNS query header. Exploiting this vulnerability allows a malicious actor to replace the responses to queries by predicting th...

openSUSE Security Update : lhasa (openSUSE-2016-454)

This update for lhasa to 0.3.1 fixes the following issues : These security issues were fixed : - CVE-2016-2347: Integer underflow vulnerability in the code for doing LZH level 3 header decodes boo973790 These non-security issues were fixed : - PMarc -pm1- archives that contain truncated compresse...

Default credentials

The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time...

CVE-2016-0783

The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time...

SUSE-SU-2016:0908-2 Security update for gcc5

The GNU Compiler Collection was updated to version 5.3.1, which brings several fixes and enhancements. The following security issue has been fixed: - Fix C++11 std::randomdevice short read issue that could lead to predictable randomness. CVE-2015-5276, bsc945842 The following non-security issues...

Arbitrary File Write

Overview Affected versions of cli use predictable temporary file names. If an attacker can create a symbolic link at the location of one of these temporarly file names, the attacker can arbitrarily write to any file that the user which owns the cli process has permission to write to. Proof of...

Udemy: Able to view others' gifts on /gift/share URL, giftId is predictable, and easy to manipulate

I recently purchased a gift for a friend, and noticed the share URL gift ID was simply numeric. I managed to access other people's gifts simply by incrementing and decrementing the ID by 2, I was able to verify that the price was dropped to "Free", regardless of if I was logged in or not, and I w...

QNAP Systems Signage Station Script Execution Vulnerability

QNAP Systems Signage Station is a suite of ad creation applications for QNAP NAS. A security vulnerability in QNAP Systems Signage Station allows a remote attacker to upload malicious files using predictable URLs and execute scripts in the files with administrator privileges...

openSUSE Security Update : gummi (openSUSE-2016-266)

This update for gummi fixes the following issues : - CVE-2015-7758: predictable filenames in /tmp based on basename - use final upstream patch boo949682 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Securit...