CVE-2006-0632
Published 2006-02-10
Priority P4 · 26 · medium · CVSS 2.0: 6.4
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS: 2.50% (82.7th percentile)
The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts.
Affected
30 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpbb | phpbb | — | — |
| phpbb_group | phpbb | — | — |
GHSA
GHSA-hp9f-9w77-qm8f: The search function in phpBB 2
ghsa_unreviewed · 2022-05-02 · CVSS 6.4
CVE-2008-4125 [MEDIUM] CWE-200
The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote attackers to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than CVE-2006-0632.
GHSA
GHSA-3265-vrfj-hjqg: The gen_rand_string function in phpBB 2
ghsa_unreviewed · 2022-05-01
CVE-2006-0632 [MEDIUM]
The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/18727
http://www.osvdb.org/22949
http://www.r-security.net/tutorials/view/readtutorial.php?id=4
http://www.securityfocus.com/archive/1/424074/100/0/threaded
http://www.vupen.com/english/advisories/2006/0461
https://exchange.xforce.ibmcloud.com/vulnerabilities/24573