Top 10 Web Application Vulnerabilities 5/16/2011 - 6/5/2011

1) PHP 'socket_connect()' Function Stack Buffer Overflow Vulnerability

 

PHP is susceptible to a Buffer Overflow vulnerability. This issue can be leveraged to give an attacker the means to execute arbitrary machine code in context of the PHP process, with even failed attempts likely causing the web server to crash. Updates which resolve this issue are available. Contact the vendor for additional details.

 

http://www.securityfocus.com/bid/47950

 

2) Cisco RVS4000/WRVS4400N Web Management Interface Remote Command Injection/Information Disclosure Vulnerabilities

 

Cisco RVS4000/WRVS4400N Web Management Interface is susceptible to multiple remote vulnerabilities including command injection and information disclosure. The Command Injection vulnerability can be exploited by authenticated attackers to execute arbitrary commands with root-level privileges on the affected system. The Information Disclosure vulnerabilities can reveal sensitive information which would likely be useful in crafting more damaging attacks.  Updates which resolve these issues are available. Contact the vendor for further information.
 
http://www.securityfocus.com/bid/47984
http://www.securityfocus.com/bid/47985
http://www.securityfocus.com/bid/47988

 

3) Cisco Unified Operations Manager Multiple SQL Injection /Cross-Site Scripting Vulnerabilities

 

Cisco Unified Operations Manager is susceptible to multiple SQL Injection and Cross-Site Scripting vulnerabilities. If exploited, these vulnerabilities could lead to compromise of the application, the theft of confidential information and authentication credentials, or execution of malicious scripts in the browsers of unsuspecting users. Updates which resolve these issues are available. Contact the vendor for more details.

 

http://www.securityfocus.com/bid/47898
http://www.securityfocus.com/bid/47901
http://www.securityfocus.com/bid/47903

 

4) IBM WebSphere Portal Search Center Cross-Site Scripting Vulnerability

 

IBM WebSphere Portal Search Center is susceptible to a Cross-Site Scripting vulnerability.  If successful, Cross-Site Scripting can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. Updates which resolve this issue are available. Contact the vendor for additional details.

 

http://www.securityfocus.com/bid/47954

 

5) Imperva SecureSphere SQL Query Filter Security Bypass Vulnerability

 

Imperva SecureSphere is susceptible to a security bypass vulnerability that will allow an attacker to exploit SQL Injection vulnerabilities. Successful exploitation could give an attacker the means to access or modify backend database contents, or in some circumstances be utilized to take control of the server hosting the database.  This issue has been reported as resolved. Contact the vendor for more information.

 

http://www.securityfocus.com/bid/47780

 

6) Apache Archiva  Cross-Site Request Forgery/Cross-Site Scripting/HTML Injection Vulnerabilities

 

Apache Archiva is susceptible to multiple instances of Cross-Site Request Forgery, Cross-Site Scripting, and HTML Injection. Cross-Site Request Forgery leverages the trust a web application places in a user to make authenticated requests to a target site for which the user is logged in, and can be used to abuse any type of functionality the target web application contains.  Successful exploitation of Cross-Site Scripting and HTML Injection  could be used to alter how the site appears, steal authentication credentials, or execute malicious scripts in the browsers of unsuspecting users. Updates which resolve these issues are available. Contact the vendor for additional information.

 

http://www.securityfocus.com/bid/48015
http://www.securityfocus.com/bid/48011

 

7) CiscoWorks Common Services Framework Help Servlet Cross-Site Scripting Vulnerability

 

CiscoWorks Common Services is susceptible to a Cross-Site Scripting vulnerability. Cross-Site Scripting can be exploited to execute code in the browser of an unsuspecting user and steal cookie-based authentication credentials. Updates which resolve this issue are available. Contact the vendor for more details.

 

http://www.securityfocus.com/bid/47902

 

8) Apache Struts 'javatemplates' Plugin Multiple Cross-Site Scripting Vulnerabilities

 

The Apache Struts 'javatemplates' plugin is susceptible to multiple instances of Cross-Site Scripting. An attacker can leverage Cross-Site Scripting to execute script code in the browsers of unsuspecting users in context of the affected application, possibly leading to theft of authentication credentials and other attacks.  Updates which resolve these vulnerabilities are available. Contact the vendor for further information.

 

http://www.securityfocus.com/bid/47890

 

9) Moodle Prior to 1.9.12/2.0.3 Multiple Security Vulnerabilities

 

Moodle is susceptible to multiple vulnerabilities including Cross-Site Scripting, issues of security bypass, and information disclosure.  Attackers can leverage these issues to bypass certain security restrictions, gain access to sensitive information, and execute arbitrary code in context of the affected site in the browsers of unsuspecting users.  Updates which resolve these issues are available. Contact the vendor for additional information. 

 

http://www.securityfocus.com/bid/47920

 

10) Apache Tomcat SecurityConstraints Security Bypass Vulnerability

 

Apache Tomcat is susceptible to a security bypass vulnerability that will allow an attacker to gain access to sensitive information which could lead to more damaging attacks. Updates which resolve this vulnerability have been released. Contact the vendor for more information.
 
http://www.securityfocus.com/bid/47886

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Featured


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.