Top Five Web Application Vulnerabilities 1/20/09 - 2/1/09

1) Oracle Application Server Cross-Site Scripting Vulnerabilities

Oracle Application Server is susceptible to multiple instances of Cross-Site Scripting. These vulnerabilities can be exploited to execute code in the browser of an unsuspecting user and steal cookie-based authentication credentials. Fix information has been released. Contact the vendor for further information.

http://secunia.com/advisories/33761/

2) Oracle Forms Cross-Site Scripting Vulnerabilities

Oracle Forms is known to contain multiple Cross-Site Scripting vulnerabilities. An attacker can leverage these issues to execute script code in the browsers of unsuspecting users in the context of the affected application, possibly leading to theft of authentication credentials and other attacks. Resolution details have been released. Contact the vendor for more details.

http://secunia.com/advisories/33762/

3) Xerox WorkCentre Webserver Unspecified Remote Command Execution Vulnerability

Xerox WorkCentre Webserver is susceptible to a remote command execution vulnerability. Successful exploitation of this issue would give an attacker the means to execute arbitrary commands with the privileges of the webserver, which would likely aid in further attacks. Updates which address this issue have been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/33531/

4) SAP NetWeaver and Web Dynpro Portal Cross-Site Scripting Vulnerability

SAP NetWeaver and Web Dynpro Portal are susceptible to a Cross-Site Scripting vulnerability. This can be exploited to execute code in the browser of an unsuspecting user and steal cookie-based authentication credentials. An update which addresses this issue has been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/33465

5) Novell GroupWise WebAccess 'gw/webacc' Multiple Cross-Site Scripting Vulnerabilities

Novell GroupWise WebAccess is susceptible to multiple Cross-Site Scripting vulnerabilities. Cross-Site Scripting occurs when dynamically generated web pages display user input, such as login information, that is not properly validated, allowing an attacker to embed malicious scripts into the generated page and then execute the script on the machine of any user that views the site. Updates which address these issues have been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/33541


Posted 02-02-2009 10:09 PM by mark.painter
