Top Five Web Application Vulnerabilities 7/21/08 - 8/03/08 - Top Web Vulnerabilities -
Top Web Vulnerabilities » Top Five Web Application Vulnerabilities 7/21/08 - 8/03/08
Top Five Web Application Vulnerabilities 7/21/08 - 8/03/08

1) Sun Java System Web Server 7.0 Plugin for Sun N1SPS Remote Authentication Bypass Vulnerability

Sun Java System Web Sever 7.0 plugin for Sun N1 Service Provisioning System (N1SPS) is susceptible to a remote authentication bypass vulnerability. An attacker who leverages this vulnerability could gain unauthorized administrative access to the web server. A fix and advisory which addresses this issue has been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/30451

2) EMC Centera Universal Access 'username' Parameter SQL Injection Vulnerability

EMC Centera Universal Access (CUA) is susceptible to a SQL Injection vulnerability. SQL Injection can allow an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system. A patch which addresses this issue has been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/30358/

3) Panasonic Network Cameras Error Page Multiple Cross-Site Scripting Vulnerabilities

Panasonic Network Cameras are susceptible to multiple Cross-Site Scripting vulnerabilities. If successfully exploited, these vulnerabilities could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user. Updates which resolve these issues have been released. Contact the vendor for further details.

http://www.securityfocus.com/bid/30460

4) Multiple Century System XR Routers Cross-Site Request Forgery Vulnerability

Multiple Century System XR routers are susceptible to a Cross-Site Request Forgery vulnerability. Cross-Site Request Forgery leverages the trust a web application places in a user to make authenticated requests that appear completely legitimate, and can be used to abuse any type of functionality the web application contains.  Updates which resolve this issue have been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/30344

5) Mobius Web Publishing Software Multiple SQL Injection Vulnerabilities

Mobius Web Publishing Software is susceptible to multiple instances of SQL Injection. Successful exploitation could give an attacker the means to access or modify backend database contents, or in some circumstances be utilized to take control of the server hosting the database. A fix has not yet been released. Contact the vendor for more details.

http://www.securityfocus.com/bid/30382

 


 

Posted 08-04-2008 6:34 PM by mark.painter
Privacy Statement
Powered by Community Server (Non-Commercial Edition), by Telligent Systems