Top Five Web Application Vulnerabilities 7/02/07 - 7/13/07

1) Fujitsu ServerView DBASCIIAccess Remote Command Execution Vulnerability

Fujitsu ServerView is susceptible to a remote command execution vulnerability. A remote attacker can leverage this vulnerability to execute arbitrary code in the context of the application, possibly leading to a complete compromise of the affected system. Fixes which resolve this issue have been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/24762/

2) Microsoft .NET Framework Multiple Null Byte Injection Vulnerabilities

Microsoft .NET Framework is susceptible to multiple NULL-byte injection vulnerabilities. Attackers can exploit these issues to gain access to sensitive information that would likely aid in conducting further attacks. Updates which resolve these issues have been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/24791

3) IBM Proventia Sensor Appliance Multiple Input Validation Vulnerabilities

The IBM Proventia Sensor appliance is susceptible to multiple input validation vulnerabilities including Cross-Site Scripting and several remote file-include issues. An attacker can leverage these issues to obtain cookie-based authentication credentials, execute arbitrary server-side script code on an affected device in the context of the webserver process, or launch other attacks. A fix has not yet been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/24864/


4) Hitachi JP1/NETM/DM Manager Products Unspecified SQL Injection Vulnerability

Multiple Hitachi JP1/NETM/DM Manager products are susceptible to a SQL Injection vulnerability. When successfully exploited, SQL Injection can allow an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system. Updates which resolve this issue have been released. Contact the vendor for additional information.


http://www.securityfocus.com/bid/24903

5) JP1/HiCommand Series Products Cross-Site Scripting Vulnerability

JP1/HiCommand Series Products are susceptible to a Cross-Site Scripting vulnerability. If successful, Cross-Site Scripting vulnerabilities can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. Fixes which resolve this issue have been released. Contact the vendor for further details.

http://www.securityfocus.com/bid/24797


Posted 07-13-2007 3:48 PM by mark.painter