| http://www.w3.org/ns/prov#value | - If a page included an HTML form with anACTION attribute referencing a non-local URL, the user's session ID wouldbe included in the form data passed to that URL. (CVE-2007-5899)It was discovered that PHP did not properly seed its pseudo-random numbergenerator used by functions such as rand() and mt_rand(), possibly allowingan attacker to easily predict the generated pseudo-random values.(CVE-2008-2
|
