1) Sun Java System Web Server Reverse Proxy Plug-in Cross-Site Scripting Vulnerability
Sun Java System Web Server is susceptible to a Cross-Site Scripting vulnerability. A successful Cross-Site Scripting attack can be used to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. Updates which resolve this vulnerability have been released. Contact the vendor for further details.
http://www.securityfocus.com/bid/35204
2) PHP-Nuke 'main/tracking/userLog.php' SQL Injection Vulnerability
PHP-Nuke is susceptible to a SQL Injection vulnerability. Successful exploitation could give an attacker the means to access or modify backend database contents, or in some circumstances be utilized to take control of the server hosting the database. A solution has not yet been released. Contact the vendor for additional information.
http://www.securityfocus.com/bid/35117
3) phpBugTracker Multiple SQL Injection Vulnerabilities
phpBugTracker is susceptible to multiple SQL Injection vulnerabilities. SQL Injection can allow an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system. Solutions have not yet been released. Contact the vendor for more information.
http://www.securityfocus.com/bid/35101
http://www.securityfocus.com/bid/35125
4) Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
Apache Tomcat is susceptible to a username-enumeration weakness because different login results can be exploited to determine whether usernames are valid. Updates which resolve this issue are available. Contact the vendor for additional details.
http://www.securityfocus.com/bid/35196
5) IBM FileNet Content Manager Cached Subject Security Bypass Vulnerability
IBM FileNet Content Manager is susceptible to a security bypass vulnerability that may allow access to sensitive information. Fixes which address this issue have been released. Contact the vendor for further information.
http://www.securityfocus.com/bid/35228
Posted 06-08-2009 7:06 PM by mark.painter