1) Microsoft Outlook Web Access for Exchange Server Email Field Cross-Site Scripting Vulnerability
Microsoft Outlook Web Access (OWA) for Exchange Server is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in the context of the affected application, possibly leading to theft of authentication credentials and other attacks. An advisory and updates which address this issue have been released. Contact the vendor for additional information.
http://www.securityfocus.com/bid/30130
2) Xerox CentreWare Web Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
Xerox CentreWare Web is susceptible to multiple SQL Injection and Cross-Site Scripting vulnerabilities. If exploited, these vulnerabilities could lead to compromise of the application or the theft of confidential information and authentication credentials, or could be utilized in conducting additional database attacks. A fix has been released. Contact the vendor for further details.
http://www.securityfocus.com/bid/30151
3) Sun Java Web Start Multiple Vulnerabilities
Sun Java Web Start is susceptible to multiple vulnerabilities, including buffer overflows, privilege escalation and information disclosure issues. The user must first visit a malicious page before these vulnerabilities can be exploited. An attacker who leverages these issues could execute arbitrary code, or read, write, and execute arbitrary local files in the context of the user running a malicious Web Start application. This could result in a compromise of the underlying system. Information obtained from the information disclosure vulnerabilities would also likely be utilized in orchestrating further attacks. Fixes which address these issues have been released. Contact the vendor for additional information.
http://www.securityfocus.com/bid/30148
4) IBM Maximo 'debug.jsp' HTML Injection And Information Disclosure Vulnerabilities
IBM Maximo is susceptible to HTML Injection and information disclosure vulnerabilities. HTML Injection is used to add content into a web server’s response, which can then be used to steal cookie-based authentication credentials, execute arbitrary code in the context of the site, or simply alter how the site appears. Information obtained from the information disclosure vulnerabilities may aid in further attacks. A fix has not yet been released. Contact the vendor for additional information.
http://www.securityfocus.com/bid/30180
5) Adobe RoboHelp Server Help Errors Log SQL-Injection Vulnerability
Adobe RoboHelp Server is susceptible to a SQL Injection vulnerability. SQL Injection can allow an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system. A fix which addresses this issue has been released. Contact the vendor for additional details.
http://www.securityfocus.com/bid/30137
Posted 07-21-2008 8:03 PM by mark.painter