Top Five Web Application Vulnerabilities 9/29/08 - 10/12/08 - Top Web Vulnerabilities -
Top Web Vulnerabilities » Top Five Web Application Vulnerabilities 9/29/08 - 10/12/08
Top Five Web Application Vulnerabilities 9/29/08 - 10/12/08

1) HP System Management Homepage (SMH) for Linux and Windows Cross Site Scripting Vulnerability

HP System Management Homepage (SMH) is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in context of the affected application, possibly leading to theft of authentication credentials and other attacks. Fixes which address this issue have been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/31663

2) Cisco Unity Remote Administration Authentication Bypass Vulnerability

Cisco Unity is susceptible to a remote administration authentication bypass vulnerability.  Remote attackers can exploit this vulnerability to gain unauthorized administrative privileges. A fix which addresses this issue has been released. Contact the vendor for further details.

http://www.securityfocus.com/bid/31638/

3) WordPress MU 'wp-admin/wpmu-blogs.php' Multiple Cross Site Scripting Vulnerabilities

WordPress MU is susceptible to multiple Cross-Site Scripting vulnerabilities.  If successfully exploited, these vulnerabilities could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user.  An update which address these issues has been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/31482

4) Juniper ScreenOS HTML Injection Vulnerability

Juniper ScreenOS is susceptible to an HMTL Injection vulnerability. HTML Injection is used to add content into a web server’s response, which can then be used to steal cookie-based authentication credentials, execute arbitrary code in context of the site, or simply alter how the site appears. Only version 5.4 r9.0 is affected by this issue as it has been fixed in subsequent releases. Contact the vendor for further details.

http://www.securityfocus.com/bid/31528/

5) Drupal Multiple Remote Access Validation Vulnerabilities and Weaknesses

Drupal is susceptible to multiple remote access validation vulnerabilities and weaknesses. Successful exploitation would give an attacker the means to upload arbitrary files, obtain sensitive information, or perform unauthorized actions on affected sites. Fixes which address these issues have been released. Contact the vendor additional details.

http://www.securityfocus.com/bid/31662/

Posted 10-14-2008 7:07 PM by mark.painter
Privacy Statement
Powered by Community Server (Non-Commercial Edition), by Telligent Systems