1) SonicWALL Content Filtering Blocked Site Error Page Cross-Site Scripting Vulnerability
SonicWALL Content Filtering is susceptible to a Cross-Site Scripting vulnerability. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. An update which addresses this issue has been released. Contact the vendor for further details.
http://www.securityfocus.com/bid/31998
2) Interact 'email_user_key' Parameter SQL Injection Vulnerability
Interact is susceptible to a SQL Injection vulnerability. SQL Injection can allow an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system. A patch which addresses this issue has been released. Contact the vendor for additional information.
http://www.securityfocus.com/bid/32014
3) WebGUI 'Asset.pm' Perl Module Handling Code Execution Vulnerability
WebGUI is susceptible to a vulnerability that allows attackers to execute arbitrary Perl code in the context of the webserver process. This could lead to compromise of the application as well as other attacks. An update which addresses this issue has been released. Contact the vendor for more information.
http://www.securityfocus.com/bid/31947
4) A-Link WL54AP3 and WL54AP2 Cross-Site Request Forgery and HTML Injection Vulnerabilities
A-Link WL54AP3 and WL54AP2 are prone to Cross-Site Request Forgery and HTML Injection vulnerabilities. Cross-Site Request Forgery can be exploited to modify the administrative configuration on affected devices and possibly lead to further network-based attacks. HTML Injection is used to add content into a web server’s response, which can then be used to steal cookie-based authentication credentials, execute arbitrary code in the context of the site, or simply alter how the site appears. Other attacks are also possible. An update which addresses this issue has been released. Contact the vendor for additional details.
http://www.securityfocus.com/bid/32008/
5) TestLink Multiple HTML Injection Vulnerabilities
TestLink is susceptible to multiple HTML Injection vulnerabilities. Successful exploitation can give an attacker the means to inject content into a web server’s response, which can then be used to steal cookie-based authentication credentials, execute arbitrary code in the context of the site, or modify how the site appears. The latest release (TestLink 1.8 RC1) addresses these issues. Contact the vendor for more information.
http://www.securityfocus.com/bid/32173
Posted 11-10-2008 9:35 PM by mark.painter