Top Five Web Application Vulnerabilities 2/12/07 - 2/25/07

1) PHP-Nuke Multiple SQL Injection Vulnerabilities

PHP-Nuke is susceptible to multiple SQL Injection vulnerabilities. When successfully exploited, SQL Injection can allow an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system. A fix has not yet been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/22638

2) Adobe ColdFusion Unspecified Cross-Site Scripting Vulnerability

Adobe ColdFusion is susceptible to a Cross-Site Scripting vulnerability. If successfully exploited, this vulnerability could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user. An advisory which addresses this issue has been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/22544

3) Adobe JRun Administrator Console Cross-Site Scripting Vulnerability

Adobe JRun is susceptible to a Cross-Site Scripting vulnerability. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. An advisory which addresses this issue has been released. Contact the vendor for more details.

http://www.securityfocus.com/bid/22547

4) Apache Stats Extract Function Multiple Input Validation Vulnerabilities

Apache Stats is susceptible to multiple input validation vulnerabilities. An attacker who successfully exploits these issues could compromise the application, execute arbitrary code in the context of the application, or steal or modify data. A fix is available. Contact the vendor for further information.

http://www.securityfocus.com/bid/22388/

5) JBoss Portal Noproject Portal Cross-Site Scripting Vulnerability

JBoss Portal is susceptible to a Cross-Site Scripting vulnerability. If successful, Cross-Site Scripting vulnerabilities can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. A fix has not yet been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/22526


Posted 02-27-2007 9:36 AM by mark.painter