Top Five Web Application Vulnerabilities 12/15/08 - 1/04/09 - Top Web Vulnerabilities

1) Fujitsu-Siemens WebTransactions Command Injection Vulnerability

Fujitsu-Siemens WebTransactions is susceptible to a command injection vulnerability because the application fails to properly validate user-supplied input. Exploitation can lead to a complete compromise of the application. Patches that address this issue have been released. Contact the vendor for additional information.

http://secunia.com/advisories/33168/

2) Novell Identity Manager Cross-Site Scripting Vulnerabilities

Novell Identity Manager is susceptible to multiple Cross-Site Scripting vulnerabilities. These vulnerabilities can be exploited to execute code in the browser of an unsuspecting user and steal cookie-based authentication credentials. Field patches which address these issues have been released. Contact the vendor for more information.

http://secunia.com/advisories/33228/

3) RoundCube Webmail Denial of Service and PHP Code Execution Vulnerabilities

RoundCube Webmail is susceptible to several vulnerabilities, including PHP code execution and denial-of-service (DoS) attacks. Successful exploitation can lead to a complete compromise of the application, and can also be used to deny access to legitimate users. A fix that resolves these issues has been released. Contact the vendor for more information.

http://secunia.com/advisories/33169/

4) Hitachi Groupmax Workflow Development Kit Cross-Site Scripting Vulnerability

The Hitachi Groupmax Workflow Development Kit for Active Server Pages is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in the context of the affected application, possibly leading to theft of authentication credentials and other attacks. Updates that resolve this problem have been released. Contact the vendor for additional information.

http://secunia.com/advisories/33281/

5) Hitachi JP1/Integrated Management Cross-Site Scripting

Hitachi JP1/Integrated Management is susceptible to a script injection vulnerability. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. Fixes which address this issue have been released. Contact the vendor for further details.

http://secunia.com/advisories/33193


Posted 01-05-2009 10:13 PM by mark.painter