Top Five Web Application Vulnerabilities 6/09/08 - 6/22/08

1) IBM Workplace Unspecified Cross-Site Scripting Vulnerability
IBM Workplace for Business Controls and Reporting and IBM Workplace Web Content Management are susceptible to an unspecified instance of Cross-Site Scripting. An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in the context of the affected application, possibly leading to theft of authentication credentials and other attacks. A fix has not yet been released. Contact the vendor for additional information.
http://www.securityfocus.com/bid/29625

2) PHP 5 'posix_access()' Function 'safe_mode' Bypass Directory Traversal Vulnerability
PHP is susceptible to a directory traversal vulnerability. Attackers can leverage this vulnerability to bypass 'safe mode' security restrictions and access data outside of the web root, possibly gaining access to sensitive information which could lead to more dangerous attacks. A fix has not yet been released. Contact the vendor for further details.
http://www.securityfocus.com/bid/29797

3) Xerox WorkCentre Webserver Unspecified HTML Injection Vulnerability
Xerox WorkCentre Webserver is susceptible to an unspecified HTML Injection vulnerability. HTML Injection is used to add content into a web server's response, which can then be used to steal cookie-based authentication credentials, execute arbitrary code in the context of the site, or simply alter how the site appears. Updates which address this issue have been released. Contact the vendor for more details.
http://www.securityfocus.com/bid/29689

4) Novell eDirectory iMonitor Unspecified Cross-Site Scripting Vulnerability
The Novell eDirectory server iMonitor is susceptible to an instance of Cross-Site Scripting. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. Updates which address this issue have been released. Contact the vendor for additional information.
http://www.securityfocus.com/bid/29782

5) DotNetNuke Prior to 4.8.4 Multiple HTML Injection and Cross-Site Scripting Vulnerabilities
DotNetNuke is susceptible to multiple vulnerabilities including HTML Injection and Cross-Site Scripting. Successful exploitation of these vulnerabilities could be used to alter how the site appears, steal authentication credentials, or execute malicious scripts in the browsers of unsuspecting users. Updates which resolve these issues have been released. Contact the vendor for further details.
http://www.securityfocus.com/bid/29686

Posted 06-23-2008 8:15 PM by mark.painter

Comments

Rafal wrote re: Top Five Web Application Vulnerabilities 6/09/08 - 6/22/08
on 06-27-2008 11:17 PM

Hey, wow - I think it's interesting that one of the TOP Vulnerabilities is in an IBM product.  Didn't they (much like HP, but earlier) acquire some web app security company?

 Sounds like a case of do as we say, not as we do :)