Top Five Web Application Vulnerabilities 7/14/07 - 7/29/07

1) Joomla! Search Component Remote Command Execution Vulnerability

Joomla is susceptible to a remote command execution vulnerability. Remote attackers can exploit this vulnerability to execute arbitrary commands with the privileges of the affected application, possibly leading to compromise of the application and the underlying web server. Other attacks are also likely. A fix has been released. Contact the vendor for further details.

http://www.securityfocus.com/bid/24997


2) Sun Java System Application Server JSP Source Code Disclosure Vulnerability
Sun Java System Application Server on Microsoft Windows is susceptible to a remote vulnerability that could allow attackers to obtain sensitive JSP source code, which would likely aid in conducting more dangerous attacks. An alert and fixes that address this issue have been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/25058

3) Trend Micro OfficeScan Management Console Authentication Bypass Vulnerability

Trend Micro OfficeScan is susceptible to an authentication bypass vulnerability. An attacker could exploit this vulnerability to gain unauthorized access to the web-based management console. Successful exploitation will compromise the application. Fixes that address this issue have been released. Contact the vendor for further information.
http://www.securityfocus.com/bid/24935/
4) Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
Apache Tomcat is susceptible to a cross-site scripting vulnerability in the SendMailServlet example. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. Note that SendMailServlet is an example application and is not intended for production environments. This issue has been resolved in Apache Tomcat 4.1.HEAD. Contact the vendor for more information.

http://www.securityfocus.com/bid/24999/
5) PhpHostBot Authorize.PHP Remote File Include Vulnerability
PhpHostBot is susceptible to a remote file include vulnerability. An attacker could conceivably exploit this vulnerability to compromise the application and underlying system. Other attacks are likely possible. A fix has not yet been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/25073/
Posted 07-31-2007 10:34 AM by mark.painter