1) Microsoft Internet Information Services ASP Remote Code-Execution Vulnerability
IIS is susceptible to a remote code-execution vulnerability that can be exploited via malicious input to vulnerable ASP pages. Attackers who successfully exploit this vulnerability could execute arbitrary code in the context of the Worker Process Identity, which has Network Service privileges by default. Security bulletins that resolve this issue have been released for both IIS 5.1 and 6.0. Contact Microsoft for additional details.
http://www.securityfocus.com/bid/27676/
2) WordPress 'wp-admin/options.php' Remote Code-Execution Vulnerability
WordPress is susceptible to a remote code-execution vulnerability due to a failure of the application to properly sanitize data. A remote attacker can leverage this vulnerability to execute arbitrary PHP code in the context of the application, possibly leading to a complete compromise of the affected system. WordPress MU 1.3.2 has been released to correct this issue. Contact WordPress for further information.
http://www.securityfocus.com/bid/27633/
3) Cisco Unified Communications Manager 'key' Parameter SQL Injection Vulnerability
Cisco Unified Communications Manager is susceptible to a SQL Injection vulnerability. Successful exploitation could give an attacker the means to access or modify backend database contents or, in some circumstances, to take control of the server hosting the database. An advisory that addresses this issue has been released. Contact Cisco for more information.
http://www.securityfocus.com/bid/27775
4) IBM Lotus Quickr Unspecified Cross-Site Scripting Vulnerability
IBM Lotus Quickr is susceptible to a Cross-Site Scripting vulnerability. Successful exploitation of Cross-Site Scripting could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. Fixes which address this issue have been released. Contact IBM for additional details.
http://www.securityfocus.com/bid/27840
5) Joomla! and Mambo Components Multiple SQL Injection Vulnerabilities
Multiple Joomla! and Mambo components are susceptible to SQL Injection vulnerabilities. SQL Injection can give an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system. No fixes have yet been released. Contact the vendor for more information.
http://www.securityfocus.com/bid/27609
http://www.securityfocus.com/bid/27617
http://www.securityfocus.com/bid/27648
http://www.securityfocus.com/bid/27649
http://www.securityfocus.com/bid/27673
http://www.securityfocus.com/bid/27679
http://www.securityfocus.com/bid/27691
http://www.securityfocus.com/bid/27692
http://www.securityfocus.com/bid/27695
http://www.securityfocus.com/bid/27731
http://www.securityfocus.com/bid/27748
http://www.securityfocus.com/bid/27783
http://www.securityfocus.com/bid/27780 (Joomla! only)
http://www.securityfocus.com/bid/27781
http://www.securityfocus.com/bid/27784
http://www.securityfocus.com/bid/27842
http://www.securityfocus.com/bid/27808
http://www.securityfocus.com/bid/27805 (Joomla! only)
http://www.securityfocus.com/bid/27818
http://www.securityfocus.com/bid/27820
http://www.securityfocus.com/bid/27822
http://www.securityfocus.com/bid/27821
Posted 02-19-2008 4:43 PM by mark.painter