Top Five Web Application Vulnerabilities 6/04/07 - 6/17/07


1) WordPress XMLRPC.PHP SQL Injection Vulnerability

WordPress is susceptible to a SQL injection vulnerability in xmlrpc.php. An attacker could leverage this vulnerability to manipulate the application's database queries, read or modify data in the backend database, and possibly compromise the underlying database or the application itself. An upgrade which resolves this issue has been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/24344/
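To illustrate the class of flaw behind item 1, the following added example (not WordPress code and not taken from the advisory) contrasts a query assembled by string concatenation with a parameterised query. The table, rows and the `post_id` parameter are constructed for the demonstration; the payload is the generic `OR 1=1` comment-out pattern, not the actual xmlrpc.php attack vector.

```python
import sqlite3

# Constructed sample database: one published post and one draft that
# should never be visible through the public lookup.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, status TEXT)")
    conn.executemany(
        "INSERT INTO posts (title, status) VALUES (?, ?)",
        [("Public post", "publish"), ("Secret draft", "draft")],
    )
    conn.commit()
    return conn

def titles_unsafe(conn, post_id):
    # Vulnerable pattern: the untrusted value is spliced into the SQL text,
    # so it can change the query structure (add OR clauses, comment out the
    # status filter, and so on).
    sql = "SELECT title FROM posts WHERE id = " + post_id + " AND status = 'publish'"
    return [row[0] for row in conn.execute(sql)]

def titles_safe(conn, post_id):
    # Hardened pattern: validate the type, then bind the value as a parameter.
    # The database driver never treats the value as SQL, so the status filter
    # cannot be removed by the caller.
    if not post_id.isdigit():
        raise ValueError("post_id must be a positive integer")
    sql = "SELECT title FROM posts WHERE id = ? AND status = 'publish'"
    return [row[0] for row in conn.execute(sql, (int(post_id),))]

if __name__ == "__main__":
    db = make_db()
    payload = "1 OR 1=1 --"        # constructed injection payload
    print("unsafe:", titles_unsafe(db, payload))   # leaks the draft as well
    print("safe:", titles_safe(db, "1"))
    try:
        titles_safe(db, payload)
    except ValueError as exc:
        print("safe rejected payload:", exc)
```

Running the block shows the concatenated query returning the draft title because `OR 1=1` widens the WHERE clause and `--` comments out the status check, while the parameterised version either returns only the published post or rejects the payload outright.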

2) Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability

Apache Tomcat Manager and Host Manager are susceptible to a Cross-Site Scripting vulnerability. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. A fix has not yet been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/24475

3) 3Com OfficeConnect Secure Router Tk Parameter Cross-Site Scripting Vulnerability

OfficeConnect Secure Router is susceptible to a Cross-Site Scripting vulnerability. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. A solution has not yet been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/24374/
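Items 2 and 3 are both reflected cross-site scripting in a web management interface. The added example below (not code from Tomcat or the 3Com router, and not the advisories' payloads) shows a page that echoes a request parameter back into HTML without encoding, next to the same page with context-appropriate output encoding. The `render_*` functions and the `name` parameter are assumptions made for the demonstration.

```python
import html

TEMPLATE = (
    "<html><body>"
    "<p>Hello, {text}</p>"
    '<input type="text" name="name" value="{attr}">'
    "</body></html>"
)

def render_unsafe(name):
    # Vulnerable pattern: the request parameter is inserted verbatim into
    # both an element body and an attribute value, so markup and quotes
    # supplied by the client become part of the page.
    return TEMPLATE.format(text=name, attr=name)

def render_safe(name):
    # Hardened pattern: HTML-encode the value for the element body and, with
    # quote=True, also encode the quote characters for the attribute context
    # so the attacker cannot close the value="..." and add event handlers.
    return TEMPLATE.format(text=html.escape(name), attr=html.escape(name, quote=True))

def contains_injected_markup(page):
    # Simple check used here to show whether client-supplied script or
    # attribute markup survived into the rendered page.
    return "<script>" in page or ' onmouseover="' in page

if __name__ == "__main__":
    # Constructed payloads: one for the element body, one for the attribute.
    body_payload = "<script>alert(1)</script>"
    attr_payload = '" onmouseover="alert(1)'
    for payload in (body_payload, attr_payload):
        print("unsafe injected:", contains_injected_markup(render_unsafe(payload)))
        print("safe   injected:", contains_injected_markup(render_safe(payload)))
```

Encoding alone is only correct for these two HTML contexts; a value that ends up inside a script block, a URL, or a style attribute needs the encoding rules for that context instead.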

4) HP System Management Homepage Remote Privilege Escalation Vulnerability

HP System Management Homepage is susceptible to a privilege escalation vulnerability. An attacker could leverage this issue to gain "superuser" access to the affected application and possibly launch additional attacks from that position. Upgrades which resolve this issue have been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/24486

5) Sun Java System Directory Server Attributes List Information Disclosure Vulnerability

Sun Java System Directory Server is susceptible to an information disclosure vulnerability that can be exploited to extract potentially sensitive information, resulting in a loss of confidentiality. This information could also be used when orchestrating more dangerous attacks. An advisory and fixes which address this issue have been released. Contact the vendor for further details.

http://www.securityfocus.com/bid/24467/

Posted 06-20-2007 2:09 PM by mark.painter