Lucene search
351 matches found

NVD
added 2008/05/07 9:20 p.m. · 14 views

CVE-2008-2107

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions an...

7.5 CVSS · 9.5 AI score · 0.03088 EPSS
Exploits: 1 · References: 32
CVE
added 2008/05/07 9:0 p.m. · 114 views

CVE-2008-2108

CVE-2008-2108 affects PHP 4.x prior to 4.4.8 and PHP 5.x prior to 5.2.5 on 64-bit systems. The GENERATE_SEED macro’s precision loss during 64-bit multiplication yields only 24 bits of entropy, making brute‑force attacks against protections using rand/mt_rand easier. The issue is fixed in the adve...

9.8 CVSS · 9.4 AI score · 0.05607 EPSS
Exploits: 1 · References: 29 · Affected Software: 1
CVE
added 2008/05/07 9:0 p.m. · 117 views

CVE-2008-2107

The CVE concerns PHP’s GENERATE_SEED macro on 32-bit builds, where a rare multiplication can yield a zero seed, allowing an attacker to predict subsequent values of rand() and mt_rand(). Affected are PHP 4.x before 4.4.8 and 5.x before 5.2.5; multiple advisories note this issue across Linux distr...

7.5 CVSS · 9.5 AI score · 0.03088 EPSS
Exploits: 1 · References: 32 · Affected Software: 1
Cvelist
added 2008/05/07 9:0 p.m. · 19 views

CVE-2008-2107

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions an...

9.5 AI score · 0.03088 EPSS
Exploits: 1 · References: 32
Cvelist
added 2008/05/07 9:0 p.m. · 21 views

CVE-2008-2108

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against...

9.3 AI score · 0.05607 EPSS
Exploits: 1 · References: 29
Positive Technologies
added 2008/05/07 12:0 a.m. · 3 views

PT-2008-3624 · Php +1 · Php +1

Name of the Vulnerable Software and Affected Versions: PHP versions 4.x through 4.4.7; PHP versions 5.x through 5.2.4. Description: The issue arises from the GENERATE_SEED macro, which, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion...

10 CVSS · 9.5 AI score · 0.06231 EPSS
Exploits: 3 · References: 41
Positive Technologies
added 2007/05/16 12:0 a.m. · 1 views

PT-2007-4044 · Php · Php

Name of the Vulnerable Software and Affected Versions: PHP, affected versions not specified. Description: A design error in the make_http_soap_request function in PHP's soap extension causes it to call php_rand_r with an uninitialized variable, potentially leading to weak encryption of sensitive...

5 CVSS · 7.7 AI score · 0.01262 EPSS
Exploits: 0 · References: 13
Exploit DB
added 2006/05/05 12:0 a.m. · 34 views

Cryptomathic - ActiveX Control Remote Buffer Overflow

source: https://www.securityfocus.com/bid/17852/info Cryptomathic ActiveX control is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer. Invoking the object from a...

7.4 AI score
Exploits: 0
Cvelist
added 2004/09/01 4:0 a.m. · 13 views

CVE-2002-1511

The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand function instead of srand, which causes vncserver to generate weak cookies...

6.5 AI score · 0.01351 EPSS
Exploits: 0 · References: 9
CVE
added 2004/09/01 4:0 a.m. · 60 views

CVE-2002-1511

The CVE-2002-1511 issue affects the vncserver wrapper for VNC prior to version 3.3.3r2-21, which uses rand() instead of srand() and thus generates weak cookies. Consequences are limited to authentication cookie guessing for VNC access. Publicly documented fixes are available: Red Hat RHSA-2003:06...

5 CVSS · 6.6 AI score · 0.01351 EPSS
Exploits: 0 · References: 9 · Affected Software: 2
Packet Storm
added 2003/02/04 12:0 a.m. · 29 views

ftp_banner.txt

Banner Buffer Overflows found in Multiple FTP Clients. Discovered by Dennis Rand, www.Infowarfare.dk. SUMMARY: A client side vulnerability in the product allows remote servers to cause the client to crash by sending it a large...

7.4 AI score
Exploits: 0