Top Five Web Application Vulnerabilities 2/17/09 - 3/1/09

1) Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability

Cisco Unified MeetingPlace Web Conferencing is susceptible to an authentication bypass vulnerability that can be exploited to gain administrative access to the affected application. A successful attack could lead to a compromise of the application and the underlying system. Updates that address this issue have been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/33901/

2) Cisco Unified MeetingPlace Web Conferencing 'E-Mail Address' Field HTML Injection Vulnerability

Cisco Unified MeetingPlace Web Conferencing is susceptible to an HTML Injection vulnerability. HTML Injection is used to add attacker-supplied content to a web server's response, which can then be used to steal cookie-based authentication credentials, execute arbitrary script in the context of the site, or simply alter how the site appears. Updates that address this issue have been released. Contact the vendor for further details.

http://www.securityfocus.com/bid/33915

3) APC PowerChute Network Shutdown HTTP Response Splitting and Cross-Site Scripting Vulnerabilities

APC PowerChute Network Shutdown is susceptible to HTTP Response Splitting and Cross-Site Scripting vulnerabilities. Successful exploitation could give an attacker the means to steal cookie-based authentication credentials, or to influence how content is served, cached, or otherwise interpreted. A fix has not yet been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/33924
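Response splitting is worth seeing in code, because the defect is small and the cache-poisoning consequence the entry describes follows directly from it. The block below is an added illustration, not code from the APC product or the advisory: it builds a redirect whose Location header is copied from a request-controlled value (the vulnerable pattern), the same builder with a field-value check in front of it, and a counter that shows how many responses a proxy or cache would see on the wire. All names and the sample input are constructed for this example.

```python
import re

CRLF = "\r\n"

# Constructed sample input: a redirect target carrying a line break followed by a
# second, attacker-chosen status line. An intermediary that parses the byte stream
# sees two responses instead of one and may cache the second under a wrong URL.
SPLIT_INPUT = ("/home" + CRLF + CRLF
               + "HTTP/1.1 200 OK" + CRLF + "Content-Length: 2" + CRLF + CRLF + "hi")

# Conservative field-value alphabet: horizontal tab and printable ASCII only, which
# excludes CR, LF and NUL, the characters that can terminate or start a header line.
_FIELD_VALUE = re.compile(r"[\t\x20-\x7e]*")


class HeaderInjection(ValueError):
    """Raised when a header value contains characters that could begin a new line."""


def is_safe_header_value(value: str) -> bool:
    return _FIELD_VALUE.fullmatch(value) is not None


def safe_header_value(value: str) -> str:
    if not is_safe_header_value(value):
        raise HeaderInjection("control character in header value")
    return value


def build_redirect_unchecked(target: str) -> bytes:
    """Vulnerable pattern: the value lands in the Location header verbatim."""
    lines = ["HTTP/1.1 302 Found", "Location: " + target, "Content-Length: 0"]
    return (CRLF.join(lines) + CRLF + CRLF).encode("latin-1")


def build_redirect_checked(target: str) -> bytes:
    """Hardened pattern: refuse any value that is not a single legal header line."""
    lines = ["HTTP/1.1 302 Found",
             "Location: " + safe_header_value(target),
             "Content-Length: 0"]
    return (CRLF.join(lines) + CRLF + CRLF).encode("latin-1")


def count_status_lines(raw: bytes) -> int:
    """Counts HTTP status lines in a byte stream; more than one means it was split."""
    return len(re.findall(rb"(?m)^HTTP/1\.[01] \d{3} ", raw))


if __name__ == "__main__":
    print("unchecked:", count_status_lines(build_redirect_unchecked(SPLIT_INPUT)))
    print("safe value:", is_safe_header_value(SPLIT_INPUT))
```

Most modern web frameworks apply the same check when setting headers; the bug class survives where an application assembles headers or raw responses itself.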

4) Apache Tomcat POST Data Information Disclosure Vulnerability

Apache Tomcat is susceptible to a remote information disclosure vulnerability that can be exploited to obtain sensitive data stored on the server. Information gained during successful exploitation could lead to more damaging attacks. Updates that address this issue have been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/33913

5) Adobe RoboHelp Server Multiple Cross-Site Scripting Vulnerabilities

Adobe RoboHelp Server is susceptible to multiple Cross-Site Scripting vulnerabilities. Cross-Site Scripting occurs when dynamically generated web pages display user input, such as login information, that is not properly validated, allowing an attacker to embed malicious scripts into the generated page; the script then executes in the browser of any user who views the page. Patches that address these vulnerabilities have been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/33887

Posted 03-02-2009 10:19 PM by mark.painter