UBUNTU-CVE-2016-2039

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value...

Sensio Labs Symfony Predictable Random Number Generation Vulnerability

Sensio Labs Symfony is a free French Sensio Labs , based on the MVC architecture of the PHP development framework . The framework provides commonly used functional components and tools , can be used to quickly create complex WEB program . A predictable random number generation vulnerability exist...

Fisher-Price Smart Toy platform allows some unauthenticated web API commands

Overview The Fisher-Price Smart Toy does not perform proper authentication of some API commands, and it may also use a vulnerable version of Android. Description The Fisher-Price Smart Toy bear is a new WiFi-connected Internet of Things IoT toy. The device utilizes network connectivity to provide...

SUSE SLED11 / SLES11 Security Update : mono-core (SUSE-SU-2016:0257-1)

mono-core was updated to fix the following vulnerabilities : - CVE-2009-0689: Remote attackers could cause a denial of service and possibly arbitrary code execution through the string-to-double parser implementation bsc958097 - CVE-2012-3543: Remote attackers could cause a denial of service throu...

Open Source Database Fuzzing: FuzzDB

FuzzDB is the most comprehensive Open Source database of malicious inputs, predictable resource names, greppable strings for server response messages, and other resources like web shells. It’s like an application security scanner, without the scanner. What’s in FuzzDB? Predictable Resource...

Kaspersky Total Security Security Bypass Vulnerability

Kaspersky Total Security is a comprehensive multi-device version of the Russian antivirus program. The Kaspersky Total Security program protects user-mode processes by allocating memory with Read, Write, Execute RWX privileges in predictable addresses, allowing an attacker to exploit this...

Amazon Linux AMI : perl-IPTables-Parse (ALAS-2015-627)

A vulnerability in perl-IPTables-Parse was found, when using predictable file names for its temporary files. This vulnerability allows attacker on a multi-user system to set up symlinks to overwrite any file the current user has write access to. C Tenable Network Security, Inc. The descriptive te...

CVE-2015-5287

The abrt-hook-ccpp help program in Automatic Bug Reporting Tool ABRT before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump...

Code injection

The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool ABRT before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp...

Trust Management Vulnerability in Multiple Arris Devices (CNVD-2015-07832)

The Arris DG860A, TG862A and TG862G are modem products from the Arris Group of Companies. A security vulnerability exists in a number of Arris devices that stems from the program's use of predictable technician passwords. The vulnerability can be exploited by a remote attacker to gain access via...

Mageia: Security Advisory (MGASA-2015-0449)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Design/Logic Flaw

Arris DG860A, TG862A, and TG862G devices with firmware TS0703128100611 through TS0705125D031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a "password of the day" issue...

CVE-2009-5149

Arris DG860A, TG862A, and TG862G devices with firmware TS0703128100611 through TS0705125D031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a "password of the day" issue...

CVE-2009-5149

Arris DG860A, TG862A, and TG862G devices with firmware TS0703128100611 through TS0705125D031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a "password of the day" issue...

Updated gcc packages fix security vulnerability

It was discovered that the std::randomdevice class in libstdc++ would not properly detect short reads and could return predictable values if applications used it to obtain randomness from a blocking source such as /dev/random. CVE-2015-5276...

MGASA-2015-0449 Updated gcc packages fix security vulnerability

It was discovered that the std::randomdevice class in libstdc++ would not properly detect short reads and could return predictable values if applications used it to obtain randomness from a blocking source such as /dev/random. CVE-2015-5276...

UBUNTU-CVE-2015-5276

The std::randomdevice class in libstdc++ in the GNU Compiler Collection aka GCC before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors...

GE Hydran M2 Predictable TCP Initial Sequence Vulnerability

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on February 10, 2015, and is being released to the NCCIC/ICS-CERT web site. Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech, via a research project partially sponsored by the Georgia Tech National...

CVE-2008-0166

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys...

CVE-2007-2930

The 1 NSIDSHUFFLEONLY and 2 NSIDUSEPOOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors...