1) Inout Metasearch Engine Create_Engine.PHP Remote PHP Code Execution Vulnerability
The Inout Metasearch Engine is susceptible to a remote PHP code execution vulnerability because the application fails to properly sanitize user input. Exploitation of this vulnerability could lead to a complete compromise of the affected application and underlying system, and could be used to perpetrate other attacks. A fix has not yet been released. Contact the vendor for further details.
http://www.securityfocus.com/bid/24189/
2) Ruby on Rails To_JSON Script Injection Vulnerability
Ruby on Rails is susceptible to a JSON script injection vulnerability. An attacker could leverage this vulnerability to execute script code in the context of the affected site, steal cookie-based authentication credentials, control how the site is rendered, or conduct other attacks. A fix has not yet been released. Contact the vendor for additional information.
http://www.securityfocus.com/bid/24161
3) Wordpress Admin-Ajax.PHP SQL Injection Vulnerability
WordPress is susceptible to a SQL injection vulnerability. If exploited, SQL injection can give an attacker the means to access backend database contents, remotely execute system commands, or in some circumstances take control of the server hosting the database. A fix has not yet been released. Contact the vendor for more details.
http://www.securityfocus.com/bid/24076
4) Hitachi Collaboration Portal Products Cross-Site Scripting Vulnerabilities
Hitachi Collaboration Portal Products are vulnerable to multiple instances of Cross-Site Scripting. If exploited, these vulnerabilities could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. An update which resolves these issues has been released. Contact the vendor for further information.
http://www.securityfocus.com/bid/24263/
5) Cisco CallManager Search Form Cross Site Scripting Vulnerability
Cisco CallManager is susceptible to a Cross-Site Scripting vulnerability. If successfully exploited, Cross-Site Scripting vulnerabilities can be used to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end-user systems. Updates which resolve this issue have been released. Contact the vendor for more information.
http://www.securityfocus.com/bid/24119/
Posted 06-05-2007 1:39 PM by mark.painter