Top Five Web Application Vulnerabilities 8/04/08 - 8/17/08 - Top Web Vulnerabilities -
Top Web Vulnerabilities » Top Five Web Application Vulnerabilities 8/04/08 - 8/17/08
Top Five Web Application Vulnerabilities 8/04/08 - 8/17/08

1) Alcatel-Lucent OmniSwitch Products HTTP Header Remote Buffer Overflow Vulnerability

Alcatel-Lucent OmniSwitch products are susceptible to a remote buffer overflow vulnerability.  An attacker can leverage this issue to execute arbitrary code within the context of the affected application. Failed exploits will likely result in a denial of service condition. Fixes which address these issues have been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/30652

2) Multiple WebmasterSite Products Remote Command Execution Vulnerability

Multiple WebmasterSite products are susceptible to a remote command execution vulnerability.  Remote attackers can exploit this vulnerability to execute arbitrary commands within the context of the affected application, possibly leading to compromise of the application and the underlying web server. Fixes have not yet been released. Contact the vendor for further details.

http://www.securityfocus.com/bid/30572

3) Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability

The Apache 'mod_proxy_ftp' module is susceptible to a Cross-Site Scripting vulnerability.  Cross-Site Scripting is caused by insufficient filtration of user supplied input, and can be used to steal cookie based authentication credentials and conduct other attacks. Fixes are available in the SVN repository. Contact the vendor for more details.

http://www.securityfocus.com/bid/30560

4) Adobe Presenter Multiple Cross-Site Scripting Vulnerabilities

Adobe Presenter is susceptible to multiple Cross-Site Scripting vulnerabilities. If successfully exploited, these vulnerabilities could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user. An advisory which addresses these issues have been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/30615

5) JBoss Enterprise Application Platform Information Disclosure Vulnerability

JBoss Enterprise Application Platform is susceptible to a remote information disclosure vulnerability. Information obtained from successful exploitation may aid in further attacks. Updates which address this issue have been released. Contact the vendor for further information.

http://www.securityfocus.com/bid/30540

Posted 08-18-2008 6:25 PM by mark.painter
Privacy Statement
Powered by Community Server (Non-Commercial Edition), by Telligent Systems