Top Five Web Application Vulnerabilities 8/18/08 - 9/1/08

1) Novell Forum TCL Command Injection Vulnerability

Novell Forum is susceptible to a command injection vulnerability. A remote attacker can exploit it by modifying a URL so that the application executes attacker-supplied Tcl commands, possibly leading to compromise of the application and the underlying web server. A fix has been released. Contact Novell for more information.

http://secunia.com/advisories/31578/
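The advisory does not describe the affected code path, so the following is an added illustration, not Novell Forum's code, of the general pattern by which a URL-supplied value ends up executed as Tcl: the value is spliced into a script string that Tcl then parses a second time. The handler and parameter names are assumptions made for this example.

```tcl
# Added example, not code from Novell Forum. Models a CGI-style handler that
# receives a query-string value already URL-decoded by the server; "param"
# and the procedure names are assumptions for this illustration.

# Vulnerable: the parameter is interpolated into a script string that is then
# evaluated, so Tcl parses the attacker's text as code. A value such as
#   [exec id]
# (sent URL-encoded as %5Bexec%20id%5D) is command-substituted when eval runs.
proc greet_vulnerable {param} {
    eval "set msg \"Hello, $param\""
    return $msg
}

# Equally vulnerable: subst re-parses the text for [commands] and $variables.
proc greet_subst_vulnerable {param} {
    return [subst "Hello, $param"]
}

# Hardened: no second parse. The result of a $ substitution is never
# re-evaluated by Tcl, so the brackets stay literal text.
proc greet_safe {param} {
    set msg "Hello, $param"
    return $msg
}

# Hardened when dynamic evaluation is unavoidable: build the command as a
# list so each argument is quoted as a single word before eval sees it.
proc greet_safe_eval {param} {
    eval [list set msg "Hello, $param"]
    return $msg
}

# If subst is genuinely needed, disable the substitutions that execute code.
proc greet_safe_subst {param} {
    return [subst -nocommands -novariables "Hello, $param"]
}

# Constructed sample of a tampered URL value (braces keep it literal here).
set attacker_input {[exec id]}
puts [greet_safe $attacker_input]
puts [greet_safe_eval $attacker_input]
puts [greet_safe_subst $attacker_input]
# greet_vulnerable $attacker_input and greet_subst_vulnerable $attacker_input
# would instead run the id(1) command on the server.
```

The check to apply when reviewing Tcl web code is to find every place request data reaches `eval`, `subst`, `uplevel` or a dynamically built script string; the fix is to avoid the second parse entirely, or to construct the command with `list` so user data is always a single quoted word.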

2) IBM WebSphere Application Server for z/OS HTTP Server mod_proxy_ftp Cross-Site Scripting Vulnerability

The HTTP Server component of IBM WebSphere Application Server for z/OS contains a Cross-Site Scripting vulnerability in its mod_proxy_ftp module. An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in the context of the affected application, possibly leading to theft of authentication credentials and other attacks. A fix has been released. Contact IBM for additional details.

http://secunia.com/advisories/31673/

3) Novell IDM Cross-Site Scripting and Script Insertion

Novell IDM is susceptible to Cross-Site Scripting and script insertion vulnerabilities. If exploited, these could allow an attacker to hijack accounts, execute malicious scripts in users' browsers, or steal proprietary information. Field patches which resolve these issues have been released. Contact Novell for further information.

http://secunia.com/advisories/31678/

4) IBM Lotus Quickr Multiple Cross-Site Scripting Vulnerabilities

IBM Lotus Quickr is susceptible to multiple Cross-Site Scripting vulnerabilities. If successfully exploited, these could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary script code in the browser of an unsuspecting user. Fixes have been released. Contact IBM for more details.

http://secunia.com/advisories/31634/

5) IBM WebSphere Portal Server Authentication Bypass

IBM WebSphere Portal Server is susceptible to an authentication bypass vulnerability. It can be exploited to perform certain administrative actions via a specially crafted HTTP request, without proper authentication. A fix has been released. Contact IBM for further details.

http://secunia.com/advisories/31443/


Posted 09-04-2008 7:50 PM by mark.painter