Top Five Web Application Vulnerabilities 7/30/07 - 8/12/07

1) Help Center Live Administration Multiple Security Bypass Vulnerabilities


Help Center Live is susceptible to multiple administration security-bypass vulnerabilities. An attacker who leverages these vulnerabilities could gain unauthorized access to administrative pages and compromise the vulnerable application. A fix has not yet been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/25225

2) FrontAccounting Config.PHP Remote File Include Vulnerability

FrontAccounting is susceptible to a remote file-include vulnerability. An attacker could conceivably exploit this vulnerability to compromise the application and underlying system. Other attacks are likely possible. A fix has not yet been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/25229


3) Sun Java System Web Server Multiple HTTP Redirect Vulnerabilities

Sun Java System Web Server is susceptible to multiple HTTP redirect vulnerabilities, including HTTP-response splitting and HTTP-header injection. Exploitation could give an attacker the means to inject arbitrary cookie attributes into a session cookie and launch attacks on active web sessions, or to misrepresent how web content is served, cached, or interpreted. Service packs and updates have been released to address these issues. Contact the vendor for further details.


http://www.securityfocus.com/bid/25190/


4) Apache Tomcat Error Message Reporting Cross-Site Scripting Vulnerability

Apache Tomcat is susceptible to a Cross-Site Scripting vulnerability. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. An update that addresses this issue has been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/25174

5) Novell GroupWise WebAccess User.Id Parameter Cross-Site Scripting Vulnerability


Novell GroupWise WebAccess is susceptible to a Cross-Site Scripting vulnerability. When successfully exploited, Cross-Site Scripting vulnerabilities can be used to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. A fix has not yet been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/25126


Posted 08-15-2007 10:33 AM by mark.painter