92 matches found

Cvelist
added 2011/02/08 9:0 p.m. | 20 views

CVE-2010-4728

Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism...

AI score: 6.7 | EPSS: 0.00345
Exploits: 0 | References: 1
NVD
added 2009/12/16 6:30 p.m. | 14 views

CVE-2009-4326

The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicti...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.00664
Exploits: 0 | References: 9
Cvelist
added 2009/12/16 6:0 p.m. | 16 views

CVE-2009-4326

The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicti...

AI score: 6.3 | EPSS: 0.00664
Exploits: 0 | References: 9
RedHat Linux
added 2008/07/16 9:57 a.m. | 5 views

PHP 32 bit weak random seed

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions an...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.03088
Exploits: 1 | References: 4
RedHat Linux
added 2008/07/16 9:36 a.m. | 4 views

PHP weak 64 bit random seed

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.05607
Exploits: 1 | References: 4
RedHat Linux
added 2008/07/02 1:15 p.m. | 5 views

PHP 32 bit weak random seed

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions an...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.03088
Exploits: 1 | References: 4
UbuntuCve
added 2008/05/07 9:20 p.m. | 34 views

CVE-2008-2108

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.05607
Exploits: 1 | References: 2
NVD
added 2008/05/07 9:20 p.m. | 14 views

CVE-2008-2107

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions an...

CVSS: 7.5 | AI score: 9.5 | EPSS: 0.03088
Exploits: 1 | References: 32
CVE
added 2008/05/07 9:0 p.m. | 114 views

CVE-2008-2108

CVE-2008-2108 affects PHP 4.x prior to 4.4.8 and PHP 5.x prior to 5.2.5 on 64-bit systems. The GENERATE_SEED macro’s precision loss during 64-bit multiplication yields only 24 bits of entropy, making brute‑force attacks against protections using rand/mt_rand easier. The issue is fixed in the adve...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.05607
Exploits: 1 | References: 29 | Affected Software: 1
CVE
added 2008/05/07 9:0 p.m. | 117 views

CVE-2008-2107

The CVE concerns PHP’s GENERATE_SEED macro on 32-bit builds, where a rare multiplication can yield a zero seed, allowing an attacker to predict subsequent values of rand() and mt_rand(). Affected are PHP 4.x before 4.4.8 and 5.x before 5.2.5; multiple advisories note this issue across Linux distr...

CVSS: 7.5 | AI score: 9.5 | EPSS: 0.03088
Exploits: 1 | References: 32 | Affected Software: 1
Positive Technologies
added 2007/05/16 12:0 a.m. | 1 views

PT-2007-4044 · Php · Php

Name of the Vulnerable Software and Affected Versions: PHP (affected versions not specified). Description: A design error in the make_http_soap_request function in PHP's soap extension causes it to call php_rand_r with an uninitialized variable, potentially leading to weak encryption of sensitive...

CVSS: 5 | AI score: 7.7 | EPSS: 0.01262
Exploits: 0 | References: 13
Cvelist
added 2004/09/01 4:0 a.m. | 13 views

CVE-2002-1511

The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand function instead of srand, which causes vncserver to generate weak cookies...

AI score: 6.5 | EPSS: 0.01351
Exploits: 0 | References: 9