Top Five Web Application Vulnerabilities 10/13/08 - 10/26/08 - Top Web Vulnerabilities -
Top Web Vulnerabilities » Top Five Web Application Vulnerabilities 10/13/08 - 10/26/08
Top Five Web Application Vulnerabilities 10/13/08 - 10/26/08

1) Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability

Oracle WebLogic Server Apache Connector is susceptible to a stack based buffer overflow because user-supplied input is not properly validated. This issue can be exploited by an attacker to execute arbitrary code in context of the affected application.  A fix which addresses this issue has been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/31761

2) Microsoft Office CDO Protocol Cross Site Scripting Vulnerability

Microsoft Office is susceptible to a Cross-Site Scripting vulnerability because specially crafted CDO protocol URIs are not handled correctly. An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in context of the affected application, possibly leading to theft of authentication credentials and other attacks. A fix has been released. Contact the vendor for more details.

http://www.securityfocus.com/bid/31693

3) WebGUI 'Asset.pm' Perl Module Handling Code Execution Vulnerability

WebGUI is susceptible to a remote code execution vulnerability. An attacker could leverage this vulnerability to execute arbitrary PERL code in context of the webserver process. An update which addresses this issue has been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/31947

4) Mantis 'manage_proj_page.php' PHP Code Injection Vulnerability

Mantis is susceptible to a remote PHP code-injection vulnerability. Successful exploitation would give an attacker the means to inject and execute arbitrary malicious PHP code in the context of the webserver process, possibly facilitating compromise of the application and underlying system. A fix has not yet been released. Contact the vendor for further information.

http://www.securityfocus.com/bid/31789

5) HP SiteScope SNMP Trap HTML Injection Vulnerability

HP Sitescope is susceptible to an HTML Injection vulnerability. HTML Injection is used to add content into a web server’s response, which can then be used to steal cookie-based authentication credentials, execute arbitrary code in context of the site, or simply alter how the site appears. A fix has not yet been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/31816

Posted 10-28-2008 8:39 PM by mark.painter
Privacy Statement
Powered by Community Server (Non-Commercial Edition), by Telligent Systems