Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 19.05.2006
Source:
SecurityVulns ID: 6157
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: COSMOSHOP : Cosmoshop 8.11
 ASPBB : AspBB 0.5
 myspace : Myspace Friend Train 2.8
 CODEAVALANCHE : CodeAvalanche News 1.2
Original document: SECUNIA, [SA20171] CodeAvalanche News "password" SQL Injection Vulnerability (19.05.2006)
 luny_(at)_youfucktard.com, Myspace Friend Train v2.8 (19.05.2006)
 TeufeL Online, AspBB Forum "profile.asp & default.asp" XSS Vulnerability (19.05.2006)
 l0om, [cosmoshop again] sql injection + view all files as admin user (19.05.2006)

FreeType integer overflow
Published: 19.05.2006
Source:
SecurityVulns ID: 6159
Type: client
Threat Level: 5/10
Description: read_lwfn() integer overflow on LWFN files parsing.
Affected: FREETYPE : freetype 2.2
Original document: SECUNIA, [SA20100] FreeType "read_lwfn()" Integer Overflow Vulnerability (19.05.2006)

Sybase EAServer information leak
Published: 19.05.2006
Source:
SecurityVulns ID: 6160
Type: local
Threat Level: 5/10
Description: It's possible to retrieve the cleartext password entered by a user in a javax.swing.JPasswordField GUI component.
Affected: SYBASE : EAServer 5.2
 SYBASE : EAServer 5.0
Original document: SECUNIA, [SA20145] Sybase EAServer JPasswordField Password Disclosure (19.05.2006)

Solaris FTP server directory traversal
Published: 19.05.2006
Source:
SecurityVulns ID: 6161
Type: remote
Threat Level: 6/10
Affected: ORACLE : Solaris 9
Original document: SECUNIA, [SA20168] Solaris in.ftpd Directory Access Restriction Bypass Vulnerability (19.05.2006)

Sun N1 System Manager information leak
Published: 19.05.2006
Source:
SecurityVulns ID: 6162
Type: local
Threat Level: 5/10
Description: Password disclosure.
Affected: SUN : N1 System Manager 1.1
Original document: SECUNIA, [SA20127] Sun N1 System Manager Password Disclosure Vulnerability (19.05.2006)

Skype information leak
updated since 19.05.2006
Published: 22.05.2006
Source:
SecurityVulns ID: 6158
Type: client
Threat Level: 7/10
Description: It's possible to construct a URL that causes a file to be transferred from a Skype user's computer to another Skype user without any confirmation.
Affected: SKYPE : Skype 2.0
 SKYPE : Skype 2.5
Original document: Brett Moore, [Full-disclosure] Skype - URI Handler Command Switch Parsing (22.05.2006)
 SKYPE, SKYPE-SB/2006-001: Improper handling of URI arguments (19.05.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod