Top Five Web Application Vulnerabilities 3/3/08 - 3/16/08

1) Dokeos Multiple Remote Code Execution and Cross-Site Scripting Vulnerabilities

Dokeos is susceptible to multiple remote code execution and Cross-Site Scripting vulnerabilities. Exploitation of these vulnerabilities could lead to a complete compromise of the affected application and the underlying system, and could also be used to steal cookie-based authentication credentials. Dokeos 1.8.4 SP3 has been released to address these issues. Contact the vendor for further information.

http://www.securityfocus.com/bid/28121

2) Adobe ColdFusion Multiple Cross-Site Scripting Vulnerabilities

Adobe ColdFusion is susceptible to multiple instances of Cross-Site Scripting. If successfully exploited, these vulnerabilities could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary script code in the browser of an unsuspecting user. Adobe has released advisories APSB08-06 and APSB08-07 to address these issues. Contact the vendor for additional details.

http://www.securityfocus.com/bid/28205

3) F5 BIG-IP Web Management Interface Console HTML Injection Vulnerability

F5 BIG-IP is susceptible to an HTML Injection vulnerability. When exploited, this vulnerability allows an attacker to execute arbitrary script code in the browser of an unsuspecting victim in the context of the affected device. This could lead to theft of cookie-based authentication credentials or be used to launch other attacks. A fix has not yet been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/28151

4) Adobe LiveCycle Workflow Management Login Page Cross-Site Scripting Vulnerability

Adobe LiveCycle Workflow is susceptible to a Cross-Site Scripting vulnerability. If exploited, this vulnerability could give an attacker the means to hijack accounts, execute malicious scripts, or steal proprietary information. Adobe has released advisory APSB08-10 to address this issue. Contact the vendor for further details.

http://www.securityfocus.com/bid/28209/

5) Ruby WEBrick Remote Directory Traversal and Information Disclosure Vulnerabilities

Ruby WEBrick is susceptible to directory traversal and information disclosure vulnerabilities. Remote attackers can leverage these vulnerabilities to access the contents of arbitrary files, gathering information that is likely to be used in orchestrating more dangerous attacks. Fixes that resolve these issues have been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/28123/
Posted 03-17-2008 4:52 PM by mark.painter