3092 matches found
CVE-2009-1696
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session...
CVE-2009-1696
Removed by vendor...
Random number generator and input name linebreaks can be used to send custom data to other sites
Input names can contain line breaks when data is sent using POST. Suitable use of the random number generator can reveal predictable boundaries that will be used when sending the POST data. These can be combined to add extra boundaries into the data, containing payloads that may confuse the...
JVN#20689557 Predictable session ID vulnerability in Serene Bach
Serene Bach from SerendipityNZ Limited is a weblog management system. Serene Bach contains a vulnerability in which it generates predictable session IDs. Impact: A remote attacker could impersonate an administrator of Serene Bach. As a result, an attacker could obtain or alter information stored ...
kernel: random: add robust get_random_u32, remove weak get_random_int
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to...
ATEN IP KVM Switches multiple cryptographic vulnerabilities
Same SSL certificate is used for all devices, static symmetric key is used for code signing, mouse events are not encrypted, predictable session key is used...
CVE-2009-1629
ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack...
CVE-2009-1629
Removed by vendor...
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : vm-builder vulnerability (USN-670-1)
Mathias Gug discovered that vm-builder improperly set the root password when creating virtual machines. An attacker could exploit this to gain root privileges to the virtual machine by using a predictable password. This vulnerability only affects virtual machines created with vm-builder under...
Mandriva Update for perl-Net-DNS MDKSA-2007:146 (perl-Net-DNS)
Check for the Version of perl-Net-DNS OpenVAS Vulnerability Test Mandriva Update for perl-Net-DNS MDKSA-2007:146 perl-Net-DNS Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
CVE-2008-6564
Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks...
Ubuntu Update for vm-builder vulnerability USN-670-1
Ubuntu Update for Linux kernel vulnerabilities USN-670-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6701.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for vm-builder vulnerability USN-670-1 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...
Ubuntu Update for libnet-dns-perl vulnerabilities USN-483-1
Ubuntu Update for Linux kernel vulnerabilities USN-483-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4831.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for libnet-dns-perl vulnerabilities USN-483-1 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...
Fedora Core 9 FEDORA-2009-2655 (pdfjam)
The remote host is missing an update to pdfjam announced via advisory FEDORA-2009-2655. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
PDFjam: Multiple vulnerabilities
Background: PDFjam is a small collection of shell scripts to edit PDF documents, including pdfnup, pdfjoin and pdf90. Description: Martin Vaeth reported multiple untrusted search path vulnerabilities (CVE-2008-5843). Marcus Meissner of the SUSE Security Team reported that temporary files are created...