
351 matches found

ATTACKERKB
added 2020/03/30 12:0 a.m., 20 views

CVE-2020-10560

An issue was discovered in Open Source Social Network OSSN through 5.3. A user-controlled file path with a weak cryptographic rand can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the...

CVSS 5.9, AI score 0.7, EPSS 0.06058
Exploits: 1, References: 3
Prion
added 2020/03/17 3:15 p.m., 16 views

Design/Logic Flaw

In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers SEC-525...

CVSS 2.1, AI score 4.2, EPSS 0.00127
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2020/03/17 2:29 p.m., 64 views

CVE-2019-20494

In cPanel before 82.0.18, the RNG function Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525). Affected product: cPanel (web hosting control panel). Vulnerable component: Cpanel::Rand::Get. Root cause: RNG predictability leads to low-entropy sequences. Impact: potential infor...

CVSS 3.3, AI score 4.3, EPSS 0.00127
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2020/03/17 2:29 p.m., 15 views

CVE-2019-20494

In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers SEC-525...

AI score 4.1, EPSS 0.00127
Exploits: 0, References: 1
OSV
added 2020/02/28 3:15 p.m., 0 views

DEBIAN-CVE-2019-10064

hostapd before 2.6, in EAP mode, makes calls to the rand and random standard library functions without any preceding srand or srandom call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743...

CVSS 7.5, AI score 7.1, EPSS 0.01405
Exploits: 1, References: 1
Cvelist
added 2020/02/28 2:7 p.m., 22 views

CVE-2019-10064

hostapd before 2.6, in EAP mode, makes calls to the rand and random standard library functions without any preceding srand or srandom call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743...

AI score 7.5, EPSS 0.01405
Exploits: 1, References: 7
Debian CVE
added 2020/02/28 2:7 p.m., 26 views

CVE-2019-10064

hostapd before 2.6, in EAP mode, makes calls to the rand and random standard library functions without any preceding srand or srandom call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743...

CVSS 7.5, AI score 2.4, EPSS 0.01405
Exploits: 1
CVE
added 2020/02/28 2:7 p.m., 140 views

CVE-2019-10064

CVE-2019-10064 affects hostapd prior to 2.6 in EAP mode, where rand() and random() are invoked without a preceding srand()/srandom(), leading to deterministic values. This behavior is described as an inappropriate use of randomness and is fixed in conjunction with CVE-2016-10743. Public reference...

CVSS 7.5, AI score 7.4, EPSS 0.01405
Exploits: 1, References: 7, Affected Software: 1
OSV
added 2020/02/11 8:15 p.m., 0 views

UBUNTU-CVE-2013-2213

The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output...

CVSS 5.5, AI score 6, EPSS 0.00026
Exploits: 1, References: 4
OSV
added 2020/02/05 2:15 p.m., 1 views

DEBIAN-CVE-2020-8632

In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords...

CVSS 5.5, AI score 5.5, EPSS 0.00097
Exploits: 0, References: 1
OSV
added 2019/11/20 1:33 a.m., 14 views

GHSA-H7QW-MXRM-C6H2 Unauthenticated crypto and weak IV in Magento\Framework\Encryption

The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value...

CVSS 7.5, AI score 7.5, EPSS 0.00084
Exploits: 0, References: 5
Nmap
added 2018/10/24 4:14 p.m., 366 views

smb-vuln-webexec NSE Script

A critical remote code execution vulnerability exists in WebExService WebExec. See also: smb-webexec-exploit.nse Script Arguments smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library. randomseed, smbbasic, smbport, smbsign See the...

CVSS 10, AI score 9.7, EPSS 0.94176
Exploits: 47
CNVD
added 2018/10/19 12:0 a.m., 3 views

Orange AirBox Information Disclosure Vulnerability

Orange AirBox is a portable wireless router product from Orange Luxembourg. A security vulnerability exists in goform/getWlanClientInfo in Orange AirBox version Y858_FL_01.16_04. A remote attacker can exploit the vulnerability to obtain information about the currently connected device hostname, IP...

CVSS 7.5, AI score 7.5, EPSS 0.00315
Exploits: 1, References: 1
OSV
added 2018/10/16 1:29 a.m., 1 views

CVE-2018-18376

goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices hostnames, IP addresses, MAC addresses, and connection time via the rand parameter...

CVSS 7.5, AI score 5.8, EPSS 0.00315
Exploits: 1, References: 1
OSV
added 2018/10/16 1:29 a.m., 1 views

CVE-2018-18375

goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data name, number, username, and password via the rand parameter...

CVSS 9.8, AI score 5.8, EPSS 0.00335
Exploits: 1, References: 1
CVE
added 2018/10/16 1:0 a.m., 38 views

CVE-2018-18375

The Red Hat/NVD entry describes CVE-2018-18375 affecting Orange AirBox Y858_FL_01.16_04: the function goform/getProfileList can be queried with the rand parameter to extract APN data (name, number, username, password). The connected records confirm the vulnerable endpoint and data exposure but d...

CVSS 9.8, AI score 9.2, EPSS 0.00335
Exploits: 1, References: 1, Affected Software: 1
0day.today
added 2017/10/18 12:0 a.m., 22 views

Career Portal 1.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Career Portal v1.0 - SQL Injection Date: 2017-10-17 Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/item/career-portal-online-job-search-script/20767278 Software Link:...

Exploits: 0
NVD
added 2017/02/13 6:59 p.m., 11 views

CVE-2016-5100

Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value...

CVSS 9.8, AI score 9.6, EPSS 0.00288
Exploits: 0, References: 1
CVE
added 2017/02/13 6:0 p.m., 134 views

CVE-2016-5100

Summary: CVE-2016-5100 affects Froxlor prior to 0.9.35, where the code uses PHP’s rand() for random number generation, enabling a remote attacker to predict password reset tokens. The issue is documented across multiple advisories and security entries (openSUSE/OpenSUSE-SU-2021:0415/0450, GHSA-GH...

CVSS 9.8, AI score 9.4, EPSS 0.00288
Exploits: 0, References: 1, Affected Software: 1
Veracode
added 2017/01/03 2:51 a.m., 9 views

Insecure Random Number Generator

net-http-digestauth is vulnerable to insecure random number generation. The library uses Kernelrand which is a repeatable sequence of numbers, allowing a malicious user to guess the number under certain circumstances...

AI score 6.7
Exploits: 0