Top Five Web Application Vulnerabilities 4/23/07 - 5/06/07

1) CodePress Eval Function Script Execution Vulnerability

CodePress is susceptible to a script execution vulnerability. A remote attacker can leverage this vulnerability to run scripts in the context of the affected site, possibly stealing cookie-based authentication credentials or controlling how the site is rendered to the user. Other attacks might also be possible. An update which addresses this issue has been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/23788

2) TCExam SessionUserLang Remote PHP Code Execution Vulnerability

TCExam is susceptible to a remote vulnerability which would allow an attacker to execute arbitrary PHP code in the context of the web server process. Exploitation could lead to complete compromise of the affected system. Other attacks might also be possible. A fix has been released. Contact the vendor for further details.

http://www.securityfocus.com/bid/23705

3) Red Hat Directory Server Multiple Cross Site Scripting Vulnerabilities

Red Hat Directory Server is susceptible to multiple Cross-Site Scripting vulnerabilities. When successfully exploited, these vulnerabilities could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user. A fix has not yet been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/23709/


4) phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities

phpMyAdmin is susceptible to multiple Cross-Site Scripting vulnerabilities. Cross-Site Scripting can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. Version 2.10.1 has been released to address these issues. Contact the vendor for further details.

http://www.securityfocus.com/bid/23624

5) Sun Java Web Start Unauthorized Access Vulnerability

Sun Java Web Start is susceptible to a vulnerability that could allow remote attackers to gain unauthorized access to an affected system. An attacker who leverages this vulnerability could use an untrusted application to gain read/write privileges to local files on affected systems. An update which addresses this issue has been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/23728
Posted 05-08-2007 5:37 PM by mark.painter