38 matches found
Design/Logic Flaw
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srandtime0 seeding...
CVE-2016-10180
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srandtime0 seeding...
NETGEAR WNR2000v5 - Remote Code Execution
NETGEAR WNR2000v5 - Remote Code Execution Remote code execution in NETGEAR WNR2000v5 - by Pedro Ribeiro [email protected] / Agile Information Security Released on 20/12/2016 NOTE: this exploit is "alpha" quality and has been deprecated. Please see the modules accepted into the Metasploit framework...
ALPINE-CVE-2012-6702
Expat, when used in a parser that has not called XMLSetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function...
CVE-2012-6702
Expat, when used in a parser that has not called XMLSetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function...
DEBIAN-CVE-2012-6702
Expat, when used in a parser that has not called XMLSetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function...
CVE-2012-6702
Expat, when used in a parser that has not called XMLSetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function...
CVE-2012-6702
CVE-2012-6702 affects the Expat XML parser. Root cause: Expat may call srand or be used with a non-zero seed in XML_SetHashSalt, weakening cryptographic protections. Impact: context-dependent attackers could defeat cryptographic protections via srand-based vectors. No explicit fix in the provided...
CVE-2012-6702
Expat, when used in a parser that has not called XMLSetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function...
CVE-2012-6702
Expat, when used in a parser that has not called XMLSetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function...
CVE-2012-6702
Expat, when used in a parser that has not called XMLSetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function...
Weak Cryptographic Protection
expat is vulnerable to having its cryptographic protection mechanisms defeated. This would only be possible when a parser that has not called XMLSetHashSalt or passed it a seed of 0. It is possible due to the use of the srand function...
CVE-2012-6702
Expat, when used in a parser that has not called XMLSetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function...
Design/Logic Flaw
Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism...
CVE-2010-4728
The CVE affects Zikula
CVE-2010-4568
Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does not properly generate random values for cookies and tokens, which allows remote attackers to obtain access to arbitrary accounts via unspecified vectors,...
Design/Logic Flaw
Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does not properly generate random values for cookies and tokens, which allows remote attackers to obtain access to arbitrary accounts via unspecified vectors,...
CVE-2002-1511
The CVE-2002-1511 issue affects the vncserver wrapper for VNC prior to version 3.3.3r2-21, which uses rand() instead of srand() and thus generates weak cookies. Consequences are limited to authentication cookie guessing for VNC access. Publicly documented fixes are available: Red Hat RHSA-2003:06...