Top Five Web Application Vulnerabilities 2/18/2008 - 3/02/2008

1) IBM Lotus QuickPlace 'Main.nsf' Cross-Site Scripting Vulnerability
 
IBM Lotus QuickPlace is susceptible to a Cross-Site Scripting vulnerability.  If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. A fix has not yet been released. Contact IBM for additional details.
 
http://www.securityfocus.com/bid/27871
 
2) PHP Nuke Multiple Modules SQL Injection
 
Multiple PHP Nuke modules contain SQL Injection vulnerabilities. Successful exploitation could give an attacker the means to access or modify backend database contents, or in some circumstances be used to take control of the server hosting the database. No fixes have yet been released. Contact the vendor for further information.
 
http://www.securityfocus.com/bid/27863
http://www.securityfocus.com/bid/27879
http://www.securityfocus.com/bid/27894
http://www.securityfocus.com/bid/27897
http://www.securityfocus.com/bid/27909
http://www.securityfocus.com/bid/27912
http://www.securityfocus.com/bid/27886
http://www.securityfocus.com/bid/27932
http://www.securityfocus.com/bid/27930
http://www.securityfocus.com/bid/27952
http://www.securityfocus.com/bid/27958
http://www.securityfocus.com/bid/27955
http://www.securityfocus.com/bid/27957
http://www.securityfocus.com/bid/27980
http://www.securityfocus.com/bid/27991
http://www.securityfocus.com/bid/28030
http://www.securityfocus.com/bid/28063

3) Joomla! and Mambo Components Multiple SQL Injection Vulnerabilities
 
Multiple Joomla! and Mambo components are susceptible to SQL Injection vulnerabilities. SQL Injection can give an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system. No fixes have yet been released. Contact the vendor for more information.
http://www.securityfocus.com/bid/27849
http://www.securityfocus.com/bid/27860
http://www.securityfocus.com/bid/27864
http://www.securityfocus.com/bid/27883
http://www.securityfocus.com/bid/27884
http://www.securityfocus.com/bid/27887
http://www.securityfocus.com/bid/27888
http://www.securityfocus.com/bid/27898
http://www.securityfocus.com/bid/27921
http://www.securityfocus.com/bid/27922
http://www.securityfocus.com/bid/27923
http://www.securityfocus.com/bid/27926
http://www.securityfocus.com/bid/27956
http://www.securityfocus.com/bid/27970
http://www.securityfocus.com/bid/27975
http://www.securityfocus.com/bid/27971
http://www.securityfocus.com/bid/27994
http://www.securityfocus.com/bid/28018

4) Spyce Sample Scripts Multiple Input Validation Vulnerabilities

Spyce Sample Scripts are susceptible to multiple input validation vulnerabilities, including Cross-Site Scripting and Path Disclosure. An attacker could possibly execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, and could also retrieve the server's web root path. A fix has not yet been released. Contact the vendor for more details.

http://www.securityfocus.com/bid/27898
 
5) Drupal Multiple HTML Injection Vulnerabilities
 
Drupal is susceptible to multiple HTML Injection vulnerabilities. HTML Injection can be leveraged to add content to a web server's response, which can then be used to steal cookie-based authentication credentials, execute arbitrary code in the context of the site, or simply alter how the site appears. An update that addresses these issues has been released. Contact the vendor for further details.

http://www.securityfocus.com/bid/28026
Posted 03-03-2008 5:21 PM by mark.painter