Top Five Web Application Vulnerabilities 4/28/08 - 5/11/08

1) SAP Internet Transaction Server Multiple Cross-Site Scripting Vulnerabilities

SAP Internet Transaction Server is susceptible to multiple instances of Cross-Site Scripting.  If exploited, these vulnerabilities could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. A solution is reported to be available in SAP note 1052053. Contact the vendor for further details.

http://www.securityfocus.com/bid/29103

2) Sun Java System Web Server Search Module Cross-Site Scripting Vulnerability

Sun Java System Web Server Search Module is susceptible to a Cross-Site Scripting vulnerability. If successfully exploited, this vulnerability could allow an attacker to steal confidential information and cookie-based authentication credentials, and could possibly lead to execution of arbitrary code in the browser of an unsuspecting user. A fix has been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/29087

3) Sun Java System Directory Proxy Server Remote Unauthorized Access Vulnerability

Sun Java System Directory Proxy Server is susceptible to a remote unauthorized access vulnerability. An attacker can leverage this vulnerability to gain administrative access to the affected server. An advisory and fixes for this issue have been released. Contact the vendor for more details. 

http://www.securityfocus.com/bid/28941/discuss

4) Sun Java System Application Server and Web Server JSP Information Disclosure Vulnerability

Sun Java System Application Server and Web Server are prone to an information-disclosure vulnerability. An attacker could leverage this issue to obtain sensitive information which could possibly be used to orchestrate more dangerous attacks. An advisory and updates which address this issue have been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/29088

5) Zen Cart 'keyword' parameter SQL Injection and Cross-Site Scripting Vulnerabilities

Zen Cart is susceptible to SQL Injection and Cross-Site Scripting vulnerabilities. If exploited, these vulnerabilities could lead to compromise of the application or the theft of confidential information and authentication credentials, or could be used to conduct additional database attacks. A fix has not yet been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/29020


Posted 05-12-2008 2:28 PM by mark.painter