Top Five Web Application Vulnerabilities 4/09/07 - 4/22/07

1) Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow Vulnerability

Novell Groupwise WebAccess is susceptible to a buffer overflow vulnerability. An attacker could remotely exploit this vulnerability to execute arbitrary code in the context of the affected application. Failed attempts would likely create a denial of service condition. Novell has released an update which resolves this issue. Contact the vendor for additional details.

http://www.securityfocus.com/bid/23556

2) Sun Java Web Console LibWebconsole_Services.SO Format String Vulnerability

Sun Java Web Console is prone to a format string vulnerability. Successful exploitation could possibly lead to arbitrary code execution, escalation of privileges, or unauthorized access, or could simply be used to crash the application. Fixes have been released for this issue. Contact the vendor for additional details.

http://www.securityfocus.com/bid/23539/


3) Nortel VPN Routers Multiple Remote Unauthorized Access Vulnerabilities

Nortel VPN Routers are susceptible to multiple remote unauthorized access vulnerabilities which are exploitable via a web browser. Attackers who successfully exploit these vulnerabilities can gain access to administrative functionality, completely compromise the affected devices, or gain direct access to the private network. Nortel has released an advisory which addresses these issues. Contact the vendor for more information.

http://www.securityfocus.com/bid/23562/


4) IBM Lotus Domino Web Access Active Content Filter HTML Injection Vulnerability

IBM Lotus Domino Web Access is susceptible to an HTML-injection vulnerability. An attacker could exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting victim in the context of the affected website. This could possibly be used to steal cookie-based authentication credentials or to launch other attacks. Updates which resolve this issue have been released. Contact the vendor for further information.

http://www.securityfocus.com/bid/23421

5) PHP-Nuke SQL Injection Protection Bypass and Multiple SQL Injection Vulnerabilities

PHP-Nuke is susceptible to multiple SQL-injection vulnerabilities. When successfully exploited, SQL injection can allow an attacker full access to a backend database and, in certain circumstances, can be used to take complete control of a system. No fix has yet been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/23528/

 


Posted 04-24-2007 12:01 PM by mark.painter