Top Five Web Application Vulnerabilities 6/18/07 - 7/01/07 - Top Web Vulnerabilities -
Top Web Vulnerabilities » Top Five Web Application Vulnerabilities 6/18/07 - 7/01/07
Top Five Web Application Vulnerabilities 6/18/07 - 7/01/07

1) Sun Java Web Start Arbitrary File Overwrite Privilege Escalation Vulnerability

Java Web Start is susceptible to a file overwrite privilege escalation vulnerability that can allow an attacker to execute arbitrary code with the privileges of the user running the application. This affects client systems, and not servers. An advisory and fixes which address this issue have been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/24695

 

2) Trend Micro OfficeScan Server CGI Modules Multiple Vulnerabilities

Trend Micro OfficeScan Server is susceptible to multiple security vulnerabilities in its web-based administration interface. These vulnerabilities can be used to bypass authentication, and to execute arbitrary code with administrative privileges within the context of the OfficeScan Server application. Complete server compromise might also be possible. A patch which resolves this issues has been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/24641


3) Apache Mod_Mem_Cache Information Disclosure Vulnerability

Apache is susceptible to a remote path-information-disclosure vulnerability. Attackers can exploit this issue to gain information which can be utilized in conducting more damaging attacks. A fix has not yet been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/24553

4) SAP Internet Communication Framework Multiple Cross-Site Scripting Vulnerabilities

SAP Internet Communication Framework is susceptible to multiple instances of Cross-Site Scripting. If successfully exploited, these vulnerabilities could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user. Fixes which resolve these issues have been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/24674/


5) Oracle Rapid Install Web Server Secondary Login Page Cross Site Scripting Vulnerability

Oracle Rapid Install Web Server is susceptible to a Cross-Site Scripting vulnerability. If successful, Cross-Site Scripting can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. A fix has not yet been released. Contact the vendor for further details.

http://www.securityfocus.com/bid/24697

Posted 07-03-2007 1:10 PM by mark.painter
Privacy Statement
Powered by Community Server (Non-Commercial Edition), by Telligent Systems