1) Xerox WorkCentre/WorkCentre Pro Network Controller Remote Code Execution Vulnerability
The Xerox WorkCentre/WorkCentre Pro Network Controller is susceptible to a remote code execution vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the affected application. Updates which resolve these issues have been released. Contact the vendor for further details.
http://www.securityfocus.com/bid/31255
2) phpMyAdmin 'server_databases.php' Remote Command Execution Vulnerability
phpMyAdmin 'server_databases.php' is susceptible to a remote command execution vulnerability which would allow an attacker to execute arbitrary commands. Successful exploitation could lead to compromise of the affected application and possibly the underlying system. Fixes which address this issue have been released. Contact the vendor for more information.
http://www.securityfocus.com/bid/31188
3) PHP 'create_function()' Code Injection Weakness
PHP is susceptible to a code injection weakness because it fails to properly sanitize user-supplied input. An attacker can leverage this weakness to execute code with the privileges of an additional vulnerable program. A fix for this issue has not yet been released. Contact the vendor for additional details.
http://www.securityfocus.com/bid/31398
4) Computer Associates Service Desk Web Forms Multiple Cross-Site Scripting Vulnerabilities
Computer Associates Service Desk is susceptible to multiple Cross-Site Scripting vulnerabilities. If successfully exploited, these vulnerabilities could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user. Fixes which address these issues have been released. Contact the vendor for further information.
http://www.securityfocus.com/bid/31412
5) Pro2col StingRay FTS Login Username Cross Site Scripting
StingRay FTS is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in the context of the affected application, possibly leading to theft of authentication credentials and other attacks. A fix for this vulnerability has not yet been released. Contact the vendor for additional information.
http://www.securityfocus.com/bid/31148
Posted 09-29-2008 8:33 PM by mark.painter