Top Web Vulnerabilities

Top Five Web Application Vulnerabilities 7/7/08 - 7/20/08

mark.painter — Mon, 21 Jul 2008 20:03:00 GMT

1) Microsoft Outlook Web Access for Exchange Server Email Field Cross-Site Scripting Vulnerability

Microsoft Outlook Web Access (OWA) for Exchange Server is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in context of the affected application, possibly leading to theft of authentication credentials and other attacks. An advisory and updates which address this issue have been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/30130

2) Xerox CentreWare Web Multiple SQL Injection and Cross-Site Scripting Vulnerabilities

Xerox CentreWare Web is susceptible to multiple SQL Injection and Cross-Site Scripting vulnerabilities. If exploited, these vulnerabilities could lead to compromise of the application, the theft of confidential information and authentication credentials, or be utilized in conducting additional database attacks. A fix has been released. Contact the vendor for further details.

http://www.securityfocus.com/bid/30151

3) Sun Java Web Start Multiple Vulnerabilities

Sun Java Web Start is susceptible to multiple vulnerabilities including buffer overflows, privilege escalation and information disclosure issues. The user must first visit a malicious page before these vulnerabilities can be exploited. An attacker who leverages these issues could execute arbitrary code, or read, write, and execute arbitrary local files in the context of the user running a malicious Web Start application. This could result in a compromise of the underlying system. Information obtained from the information disclosure vulnerabilities would also likely be utilized in orchestrating further attacks. Fixes which address this issue have been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/30148

4) IBM Maximo 'debug.jsp' HTML Injection And Information Disclosure Vulnerabilities

IBM Maximo is susceptible to an HTML Injection and information disclosure vulnerabilities. HTML Injection is used to add content into a web server’s response, which can then be used to steal cookie-based authentication credentials, execute arbitrary code in context of the site, or simply alter how the site appears. Information obtained from the information disclosure vulnerabilities may aid in further attacks. A fix has not yet been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/30180

5) Adobe RoboHelp Server Help Errors Log SQL-Injection Vulnerability

Adobe RoboHelp Server is susceptible to a SQL Injection vulnerability. SQL Injection can allow an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system. A fix which addresses this issue has been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/30137

Top Five Web Application Vulnerabilities 6/23/08 - 7/06/08

mark.painter — Mon, 07 Jul 2008 20:43:00 GMT

1) Novell Groupwise WebAccess Simple Interface Cross-Site Scripting

Novell Groupwise WebAccess is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in context of the affected application, possibly leading to theft of authentication credentials and other attacks. A patch which addresses this issue has been released. Contact the vendor for additional details.

http://secunia.com/advisories/30839

2) HP System Management Homepage (SMH) for Linux and Windows Cross-Site Scripting Vulnerability

HP System Management Homepage (SMH) is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in context of the affected application, possibly leading to theft of authentication credentials and other attacks. Fixes which address this issue have been released. Contact the vendor for further details.

http://www.securityfocus.com/bid/30029

3) phpMyAdmin Cross-Site Scripting Vulnerabilities

phpMyAdmin is susceptible to multiple Cross-Site Scripting vulnerabilities. If successfully exploited, these vulnerabilities could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user. A fix for these issues has been released. Contact the vendor for more information.

http://secunia.com/advisories/30813

4) Drupal Taxonomy Autotagger SQL Injection and Script Insertion

The Taxonomy Autotagger module for Drupal is susceptible to SQL Injection and Cross-Site Scripting vulnerabilities. If exploited, these vulnerabilities could lead to compromise of the application, the theft of confidential information and authentication credentials, or be utilized in conducting additional database attacks. A fix for these issues has been released. Contact the vendor for further details.

http://secunia.com/advisories/30933

5) Academic Web Tools SQL Injection and Cross-Site Scripting

Academic Web Tools is susceptible to SQL Injection and Cross-Site Scripting attacks. SQL Injection can allow an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system. The Cross-Site Scripting vulnerability can be exploited to execute code in the browser of an unsuspecting user and steal cookie-based authentication credentials. Fixes which address these issues have not yet been released. Contact the vendor for more details.

http://secunia.com/advisories/30763

Top Five Web Application Vulnerabilities 6/09/08 - 6/22/08

mark.painter — Mon, 23 Jun 2008 20:15:00 GMT

1) IBM Workplace Unspecified Cross-Site Scripting Vulnerability IBM Workplace for Business Controls and Reporting and IBM Workplace Web Content Management are susceptible to an unspecified instance of Cross-Site Scripting. An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in context of the affected application, possibly leading to theft of authentication credentials and other attacks. A fix has not yet been released. Contact the vendor for additional information. http://www.securityfocus.com/bid/29625

2) PHP 5 'posix_access()' Function 'safe_mode' Bypass Directory Traversal Vulnerability PHP is susceptible to a directory traversal vulnerability. Attackers can leverage this vulnerability to bypass ‘safe mode’ security restrictions and access data outside of the web root, possibly gaining access to sensitive information which could lead to more dangerous attacks. A fix has not yet been released. Contact the vendor for further details. http://www.securityfocus.com/bid/29797 3) Xerox WorkCentre Webserver Unspecified HTML Injection Vulnerability Xerox WorkCentre Webserver is susceptible to an unspecified HTML Injection vulnerability. HTML Injection is used to add content into a web server’s response, which can then be used to steal cookie-based authentication credentials, execute arbitrary code in context of the site, or simply alter how the site appears. Updates which address this issue have been released. Contact the vendor for more details. http://www.securityfocus.com/bid/29689

4) Novell eDirectory iMonitor Unspecified Cross-Site Scripting Vulnerability The Novell eDirectory server iMonitor is susceptible to a instance of Cross-Site Scripting. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. Updates which address this issue have been released. Contact the vendor for additional information. http://www.securityfocus.com/bid/29782

5) DotNetNuke Prior to 4.8.4 Multiple HTML Injection and Cross-Site Scripting Vulnerabilities DotNetNuke is susceptible to multiple vulnerabilities including HTML Injection and Cross-Site Scripting. Successful exploitation of these vulnerabilities could be used to alter how the site appears, steal authentication credentials, or execute malicious scripts in the browsers of unsuspecting users. Updates which resolve these issues have been released. Contact the vendor for further details. http://www.securityfocus.com/bid/29686

Top Five Web Application Vulnerabilities 5/26/08 - 6/08/08

mark.painter — Tue, 10 Jun 2008 14:13:00 GMT

1) Apache Tomcat Host Manager Cross-Site Scripting Vulnerability

Apache Tomcat Host Manager is susceptible to Cross-Site Scripting. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. A fix is available in the SVN repository. Contact the vendor for more information.

http://www.securityfocus.com/bid/29502

2) Sun Java System Web Server Advanced Search Mechanism Cross-Site Scripting Vulnerability

Sun Java System Web Server is susceptible to Cross-Site Scripting. An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in context of the affected application, possibly leading to theft of authentication credentials and other attacks. Fixes which resolve this issue have been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/29355

3) Xerox DocuShare Multiple Cross-Site Scripting Vulnerabilities

Xerox DocuShare is susceptible to multiple instances of Cross-Site Scripting. If successfully exploited, these vulnerabilities could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user. A vendor-supplied patch has not yet been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/29430

4) Mambo Multiple Vulnerabilities

Mambo (prior to 4.6.4) is susceptible to multiple vulnerabilities including SQL Injection and HTTP Response Splitting. SQL Injection can give an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system. HTTP Response splitting can be used to break responses into multiple parts and conduct other types of attacks including Cross-Site Scripting and web cache poisoning. These issues have been resolved in Mambo 4.6.4. Contact the vendor for more details.

http://www.securityfocus.com/bid/29373

5) Sun Java ASP Server Multiple Directory Traversal Vulnerabilities

Sun Java ASP Server is susceptible to multiple directory traversal vulnerabilities. Successful exploitation would give an attacker the means to view or delete arbitrary files with the privileges of the web server process. Information gained through these methods would likely lead to more damaging attacks. Fixes which resolve these vulnerabilities have been released. Contact the vendor for more details.

http://www.securityfocus.com/bid/29538

Top Five Web Application Vulnerabilities 5/12/08 - 5/25/08

mark.painter — Wed, 04 Jun 2008 21:29:00 GMT

1) Cisco User-Changeable Password (UCP) 'CSuserCGI.exe' Multiple Remote Vulnerabilities

Cisco User-Changeable Password (UCP) is susceptible to multiple remote issues including Cross-Site Scripting and buffer-overflows vulnerabilities. If successfully exploited, the buffer overflows can be utilized to execute code in context of the affected application and possibly facilitate the compromise of the affected system. The Cross-Site Scripting vulnerability can be exploited to execute code in the browser of an unsuspecting user and steal cookie-based authentication credentials. These issues have been addressed in UCP 4.2. Contact the vendor for further details.

http://www.securityfocus.com/bid/28222/discuss

2) SAP Web Application Server '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting Vulnerability

SAP Web Application Server is susceptible to a Cross-Site Scripting vulnerability. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. This issue has reportedly been resolved. Contact the vendor for additional details.

http://www.securityfocus.com/bid/29317

3) IBM Lotus Domino Web Server Unspecified Cross-Site Scripting Vulnerability

IBM Lotus Domino Web Server is susceptible to a Cross-Site Scripting vulnerability. If successfully exploited, this vulnerability could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user. Fixes have been released. Contact the vendor for more details.

http://www.securityfocus.com/bid/29311

4) IBM Lotus Quickr WYSIWYG Editors Unspecified Cross-Site Scripting Vulnerability

IBM Lotus Quickr is susceptible to an unspecified Cross-Site Scripting vulnerability. Cross-Site Scripting is caused by insufficient filtration of user supplied input, and can be used to steal cookie based authentication credentials and conduct other attacks. Fixes which address this issue have been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/29175

5) Cisco BBSM Captive Portal Cross-Site Scripting

Cisco BBSM (Building Broadband Service Manager) Captive Portal is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in context of the affected application, possibly leading to theft of authentication credentials and other attacks. An update which addresses this issue has been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/29191

Top Five Web Application Vulnerabilities 4/28/08 - 5/11/08

mark.painter — Mon, 12 May 2008 14:28:00 GMT

1) SAP Internet Transaction Server Multiple Cross-Site Scripting Vulnerabilities

SAP Internet Transaction Server is susceptible to multiple instances of Cross-Site Scripting. If exploited, these vulnerabilities could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. A solution is reported to be available in SAP note 1052053. Contact the vendor for further details.

http://www.securityfocus.com/bid/29103

2) Sun Java System Web Server Search Module Cross-Site Scripting Vulnerability

Sun Java System Web Server Search Module is susceptible to a Cross-Site Scripting vulnerability. If successfully exploited, this vulnerability could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user. A fix has been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/29087

3) Sun Java System Directory Proxy Server Remote Unauthorized Access Vulnerability

Sun Java System Directory Proxy Server is susceptible to a remote unauthorized access vulnerability. An attacker can leverage this vulnerability to gain administrative access to the affected server. An advisory and fixes for this issue have been released. Contact the vendor for more details.

http://www.securityfocus.com/bid/28941/discuss

4) Sun Java System Application Server and Web Server JSP Information Disclosure Vulnerability

Sun Java System Application Server and Web Server are prone to an information-disclosure vulnerability. An attacker could leverage this issue to obtain sensitive information which could possibly be used to orchestrate more dangerous attacks. An advisory and updates which address this issue have been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/29088

5) Zen Cart 'keyword' parameter SQL Injection and Cross-Site Scripting Vulnerabilities

Zen Cart is susceptible to SQL Injection and Cross-Site Scripting vulnerabilities. If exploited, these vulnerabilities could lead to compromise of the application, the theft of confidential information and authentication credentials, or be utilized in conducting additional database attacks. A fix has not yet been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/29020

Top Five Web Application Vulnerabilities 4/14/08 - 4/27/08

mark.painter — Mon, 28 Apr 2008 16:08:00 GMT

1) IBM Lotus Expeditor URI Handler Command Execution Vulnerability

IBM Lotus Expeditor is susceptible to a remote command-execution vulnerability because user-supplied input is not properly sanitized. Attackers who successfully exploit this issue can execute arbitrary commands in the context of victims who follow malicious URI's. A fix has not yet been released. Contact IBM for more information.

http://www.securityfocus.com/bid/28926

2) F5 Networks FirePass 4100 SSL VPN 'installControl.php3' Cross-Site Scripting Vulnerability

F5 Networks FirePass 4100 SSL VPN is susceptible to a Cross-Site Scripting vulnerability. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. An update which resolves this vulnerability has been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/28902

3) HP OpenView Network Node Manager Running Apache Multiple Vulnerabilities

HP OpenView Network Node Manager when running Apache is vulnerable to multiple vulnerabilities including Cross-Site Scripting and Denial-of Service attacks. If successfully exploited, these vulnerabilities could allow an attacker to steal confidential information and cookie-based authentication credentials, possibly lead to execution of arbitrary code in the browser of an unsuspecting users, and be used to deny access to legitimate users. Patches which resolve these issues have been released. Contact the vendor for more details.

http://www.securityfocus.com/archive/1/491026

4) Novell GroupWise HTML Injection and Denial-of-Service Vulnerabilities

Novell GroupWise is susceptible to HTML Injection and Denial-of-Service vulnerabilities. HTML Injection can be leveraged to add content into a web server’s response, which can then be used to steal cookie-based authentication credentials, execute arbitrary code in context of the site, or simply alter how the site appears. Denial-of-Service attacks can be exploited to crash the application and deny access to legitimate users. A fix has not yet been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/28944

5) RSA Authentication Agent for Web URI Redirection Vulnerability

RSA Authentication Agent for Web is susceptible to a remote URI-redirection vulnerability because inadequate data sanitization is performed on user-supplied input. Exploitation of this vulnerability could aid in phishing-style attacks. RSA Authentication Agent for Web 5.3.3.378 resolves this issue. Contact the vendor for specific upgrade information.

http://www.securityfocus.com/bid/28907

Top Five Web Application Vulnerabilities 3/31/08 - 4/13/08

mark.painter — Mon, 14 Apr 2008 17:16:00 GMT

1) F5 BIG-IP Web Management Interface 'NEW_VALUE' Parameter Remote Code Injection Vulnerability

F5 BIG-IP Web Management Interface is susceptible to a remote code injection vulnerability. Attackers who successfully exploit this vulnerability could execute arbitrary code with the privileges of the user of the affected application. A fix has not yet been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/28639/

2) Cisco Unified Communication Manager Multiple Vulnerabilities

Cisco Unified Communication Manager is susceptible to multiple remote vulnerabilities including instances of SQL Injection, information disclosure, and unauthorized access. If exploited, these vulnerabilities could lead to compromise of the application, leveraged to gain unauthorized application access, or utilized to obtain sensitive information. A fix has not yet been released. Contact Cisco for further details.

http://www.securityfocus.com/bid/28690

3) Drupal Menu System Security Bypass Vulnerabilities

Drupal is susceptible to multiple security-bypass vulnerabilities via the menu system because the application fails to properly control access to certain pages. Successful exploitation would give an attacker access to sensitive information which could likely be utilized in orchestrating more damaging attacks. Updates which resolve these issues have been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/28714

4) Microsoft SharePoint Server Picture Source HTML Injection Vulnerability

Microsoft SharePoint Server is susceptible to an HTML Injection vulnerability. HTML Injection is used to add content into a web server’s response, which can then be used to steal cookie-based authentication credentials, execute arbitrary code in context of the site, or simply alter how the site appears. An attacker needs to utilize a user account with page editing privileges to successfully exploit this vulnerability. A fix has not yet been released. Contact Microsoft for additional details.

http://www.securityfocus.com/bid/28706

5) SAP NetWeaver Filesystem Feedbacks Cross-Site Scripting Vulnerability

SAP NetWeaver is susceptible to a Cross-Site Scripting vulnerability. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. Note that this issue can be resolved by activating 'Secure Editing' in the Portal. Contact the vendor for more information.
http://www.securityfocus.com/bid/28699

Top Five Web Application Vulnerabilities 3/17/08 - 3/30/08

mark.painter — Tue, 01 Apr 2008 17:03:00 GMT

1) Webutil 'webutil.pl' Multiple Remote Command Execution Vulnerabilities

Webutil is susceptible to multiple command execution vulnerabilities which remote attackers can leverage to execute arbitrary commands. Successful exploitation can lead to a complete compromise of the affected application and underlying system. A fix has not yet been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/28393

2) IBM Rational ClearQuest Multiple Parameters Multiple Cross-Site Scripting Vulnerabilities

IBM Rational ClearQuest is susceptible to multiple instances of Cross-Site Scripting. If successfully exploited, these vulnerabilities could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user. Patches which resolve these issues have been released. Contact IBM for further information.

http://www.securityfocus.com/bid/28296

3) Imperva SecureSphere Cross-Site Scripting Vulnerability

Imperva SecureSphere is susceptible to a Cross-Site Scripting vulnerability. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. An update which addresses this issue has been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/28279

4) Joomla! and Mambo Components Multiple SQL Injection Vulnerabilities

Multiple Joomla! and Mambo components are susceptible to SQL Injection vulnerabilities. SQL Injection can give an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system. No fixes have yet been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/28410

Top Five Web Application Vulnerabilities 3/3/08 - 3/16/08

mark.painter — Mon, 17 Mar 2008 16:52:00 GMT

1) Dokeos Multiple Remote Code Execution and Cross-Site Scripting Vulnerabilities

Dokeos is susceptible to multiple remote code execution and Cross-Site Scripting vulnerabilities. Exploitation of these vulnerabilities could lead to a complete compromise of the affected application and underlying system, and also be used to steal cookie based authentication credentials. Dokeos 1.8.4 SP3 has been released to address these issues. Contact the vendor for further information.

http://www.securityfocus.com/bid/28121

2) Adobe ColdFusion Multiple Cross-Site Scripting Vulnerabilities

Adobe ColdFusion is susceptible to multiple instances of Cross-Site Scripting. If successfully exploited, these vulnerabilities could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user. Adobe has released advisory APSB08-06 and APSB08-07 to address these issues. Contact the vendor for additional details.

http://www.securityfocus.com/bid/28205

3) F5 BIG-IP Web Management Interface Console HTML Injection Vulnerability

F5 BIG-IP is susceptible to an HTML Injection vulnerability. When exploited, this vulnerability will allow an attacker to execute arbitrary script code in the browser of an unsuspecting victim in context of the affected device. This could possibly lead to theft of cookie-based authentication credentials or be utilized to launch other attacks. A fix has not yet been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/28151

4) Adobe LiveCycle Workflow Management Login Page Cross-Site Scripting Vulnerability

Adobe LiveCycle Workflow is susceptible to a Cross-Site Scripting vulnerability. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. Adobe has released advisory APSB0-10 to address this issue. Contact the vendor for further details.

http://www.securityfocus.com/bid/28209/

5) Ruby WEBrick Remote Directory Traversal and Information Disclosure Vulnerabilities

Ruby WEBrick is susceptible to directory traversal and information disclosure vulnerabilities. Remote attackers can leverage these vulnerabilities to access the contents of arbitrary files, gathering information which will likely be utilized in orchestrating more dangerous attacks. Fixes which resolve these issues have been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/28123/

Top Five Web Application Vulnerabilities 2/18/2008 - 3/02/2008

mark.painter — Mon, 03 Mar 2008 17:21:00 GMT

1) IBM Lotus QuickPlace 'Main.nsf' Cross-Site Scripting Vulnerability

IBM Lotus QuickPlace is susceptible to a Cross-Site Scripting vulnerability. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. A fix has not yet been released. Contact IBM for additional details.

http://www.securityfocus.com/bid/27871

2) PHP Nuke Multiple Modules SQL Injection

Multiple PHP Nuke modules contain SQL Injection vulnerabilities. Successful exploitation could give an attacker the means to access or modify backend database contents, or in some circumstances be utilized to take control of the server hosting the database. No fixes have yet to be released. Contact the vendor for further information.

http://www.securityfocus.com/bid/27863
http://www.securityfocus.com/bid/27879
http://www.securityfocus.com/bid/27894
http://www.securityfocus.com/bid/27897
http://www.securityfocus.com/bid/27909
http://www.securityfocus.com/bid/27912
http://www.securityfocus.com/bid/27886
http://www.securityfocus.com/bid/27932
http://www.securityfocus.com/bid/27930
http://www.securityfocus.com/bid/27930
http://www.securityfocus.com/bid/27930
http://www.securityfocus.com/bid/27952
http://www.securityfocus.com/bid/27958
http://www.securityfocus.com/bid/27955
http://www.securityfocus.com/bid/27957
http://www.securityfocus.com/bid/27980
http://www.securityfocus.com/bid/27991
http://www.securityfocus.com/bid/28030
http://www.securityfocus.com/bid/28063

3) Joomla! and Mambo Components Multiple SQL Injection Vulnerabilities

Multiple Joomla! and Mambo components are susceptible to SQL Injection vulnerabilities. SQL Injection can give an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system. No fixes have yet been released. Contact the vendor for more information.

4) Spyce Sample Scripts Multiple Input Validation Vulnerabilities

Spyce Sample Scripts are susceptible to multiple input validation vulnerabilities including Cross-Site Scripting and Path Disclosure. An attacker could possibly execute arbitrary script code in the browser of an unsuspecting user in context of the affected site, and could also retrieve the server's web root path. A fix has not yet been released. Contact the vendor for more details.

http://www.securityfocus.com/bid/27898

5) Drupal Multiple HTML Injection Vulnerabilities

Drupal is susceptible to multiple HTML Injection vulnerabilities. HTML Injection can be leveraged to add content into a web server’s response, which can then be used to steal cookie-based authentication credentials, execute arbitrary code in context of the site, or simply alter how the site appears. An update that addresses these issues has been released. Contact the vendor further details.

http://www.securityfocus.com/bid/28026

Top Five Web Application Vulnerabilities 2/4/2008 - 2/17/2008

mark.painter — Tue, 19 Feb 2008 16:43:00 GMT

1) Microsoft Internet Information Services ASP Remote Code-Execution Vulnerability

IIS is susceptible to a remote code-execution vulnerability that can be exploited via malicious input to vulnerable ASP pages. Attackers who successfully exploit this vulnerability could execute arbitrary code in context of the Worker Process Identity, which has Network Services privileges by default. Security bulletins which resolve this issue have been released for both IIS 5.1 and 6.0. Contact Microsoft for additional details.

http://www.securityfocus.com/bid/27676/

2) WordPress 'wp-admin/options.php' Remote Code-Execution Vulnerability

WordPress is susceptible to a remote code-execution vulnerability due to a failure of the application to properly sanitize data. A remote attacker can leverage this vulnerability to execute arbitrary PHP code in context of the application, possibly leading to a complete compromise of the affected system. WordPress MU 1.3.2 has been released to correct this issue. Contact WordPress for further information.

http://www.securityfocus.com/bid/27633/

3) Cisco Unified Communications Manager 'key' Parameter SQL Injection Vulnerability

Cisco Unified Communications Manager is susceptible to a SQL Injection vulnerability. Successful exploitation could give an attacker the means to access or modify backend database contents, or in some circumstances be utilized to take control of the server hosting the database. An advisory which addresses this issue has been released. Contact Cisco for more information.

http://www.securityfocus.com/bid/27775

4) IBM Lotus Quickr Unspecified Cross-Site Scripting Vulnerability

IBM Lotus Quickr is susceptible to a Cross-Site Scripting vulnerability. Successful exploitation of Cross-Site Scripting could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. Fixes which address this issue have been released. Contact IBM for additional details.

http://www.securityfocus.com/bid/27840

5) Joomla! and Mambo Components Multiple SQL Injection Vulnerabilities

Multiple Joomla! and Mambo components are susceptible to SQL Injection vulnerabilities. SQL Injection can give an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system. No fixes have yet been released. Contact the vendor for more information.

Top Five Web Application Vulnerabilities 1/19/08 - 2/03/08

mark.painter — Mon, 04 Feb 2008 17:18:00 GMT

1) Coppermine Photo Gallery Multiple Remote Command Execution Vulnerabilities

Coppermine Photo Gallery is susceptible to multiple remote command execution vulnerabilties. Remote attackers can exploit this vulnerability to execute arbitrary commands with the privileges of the affected application, possibly leading to compromise of the application and the underlying web server. Coppermine Photo Gallery 1.4.15 has been released to resolve these and other issues. Contact the vendor for additonal information.

http://www.securityfocus.com/bid/27512

2) PHP-Nuke Search Module 'sid' Parameter SQL Injection Vulnerability

PHP-Nuke is susceptible to a SQL Injection vulnerability. SQL Injection can allow an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system. A fix has not yet been released. Contact the vendor for further details.

http://www.securityfocus.com/bid/27408

3) Novell GroupWise WebAccess Multiple Cross-Site Scripting Vulnerabilities

Novell GroupWise WebAccess is susceptible to multiple instances of Cross-Site Scripting. If successful, Cross-Site Scripting vulnerabilities can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. Fixes which address these issues have been released. Contact the vendor for more details.

http://www.securityfocus.com/bid/27582

4) WordPress Plug-ins Multiple Vulnerabilities

Several WordPress plug-ins are susceptible to vulnerabilities including SQL Injection and Cross-Site Scripting. If successfully exploited, these vulnerabilities could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user. No upgrade or patch has yet been released to resolve these issues. Contact the vendor for additional information.

5) Drupal Modules Multiple Vulnerabilities

Several Drupal modules are susceptible to vulnerabilities including Authentication Bypass, Cross-Site Scripting, and HTML Injection. Successful exploitation can lead to escalation of privileges, alter how the site appears, steal authentication credentials, or execute malicious scripts in the browsers of unsuspecting users. Upgrades which resolve these issues have been released. Contact the vendor for further information.

http://www.securityfocus.com/bid/27545

http://www.securityfocus.com/bid/27544

http://www.securityfocus.com/bid/27543

http://www.securityfocus.com/bid/27444

http://www.securityfocus.com/bid/27436

Top Five Web Application Vulnerabilities 7/30/07 - 8/12/07

mark.painter — Wed, 15 Aug 2007 10:33:00 GMT

1) Help Center Live Administration Multiple Security Bypass Vulnerabilities

Help Center Live is susceptible to multiple administration bypass security vulnerabilities. An attacker who leverages these vulnerabilities could gain unauthorized access to administrative pages and compromise the vulnerable application. A fix has not yet been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/25225

2) FrontAccounting Config.PHP Remote File Include Vulnerability

FrontAccounting is susceptible to a remote file-include vulnerability. An attacker could conceivably exploit this vulnerability to compromise the application and underlying system. Other attacks are likely possible. A fix has not yet been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/25229

3) Sun Java System Web Server Multiple HTTP Redirect Vulnerabilities

Sun Java System Web Server is susceptible to multiple HTTP redirect vulnerabilities including HTTP-response splitting and HTTP-header injection. Exploitation could give an attacker the means to inject arbitrary cookie attributes into a session cookie and launch attacks on active web sessions, or to misrepresent how web content is served, cached, or interpreted. Service packs and updates have been released to address these issues. Contact the vendor for further details.

http://www.securityfocus.com/bid/25190/

4) Apache Tomcat Error Message Reporting Cross-Site Scripting Vulnerability

Apache Tomcat is susceptible to a Cross-Site Scripting vulnerability. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. An update which addresses this issue has been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/25174

5) Novell GroupWise WebAccess User.Id Parameter Cross-Site Scripting Vulnerability

Novell GroupWise WebAccess is susceptible to a Cross-Site Scripting vulnerability. If successful, Cross-Site Scripting vulnerabilities can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. A fix has not yet been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/25126

Top Five Web Application Vulnerabilities 7/14/07 - 7/29/07

mark.painter — Tue, 31 Jul 2007 10:34:00 GMT

1) Joomla! Search Component Remote Command Execution Vulnerability

Joomla is susceptible to a remote command execution vulnerability. Remote attackers can exploit this vulnerability to execute arbitrary commands with the privileges of the affected application, possibly leading to compromise of the application and the underlying web server. Other attacks are also likely. A fix has been released. Contact the vendor for further details.

http://www.securityfocus.com/bid/24997

2) Sun Java System Application Server JSP Source Code Disclosure Vulnerability

Sun Java System Application Server on Microsoft Windows is susceptible to a remote vulnerability that could allow attackers to obtain sensitive JSP source code, which would likely aid in conducting more dangerous attacks. An alert and fixes which address this issue have been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/25058

3) Trend Micro OfficeScan Management Console Authentication Bypass Vulnerability

Trend Micro OfficeScan is susceptible to an authentication bypass vulnerability. An attacker could exploit this vulnerability to gain unauthorized access to the web-based management console. Successful exploitation will compromise the application. Fixes which address this issue have been released. Contact the vendor for further information.

http://www.securityfocus.com/bid/24935/

4) Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability

Apache Tomcat is susceptible to a Cross-Site Scripting vulnerability. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. Note that this is an example application, and not intended for production environments. This issue has been resolved in Apache Tomcat 4.1.HEAD. Contact the vendor for more information.

http://www.securityfocus.com/bid/24999/

5) PhpHostBot Authorize.PHP Remote File Include Vulnerability

PhpHostBot is susceptible to a remote file include vulnerability. An attacker could conceivably exploit this vulnerability to compromise the application and underlying system. Other attacks are likely possible. A fix has not yet been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/25073/