Top 10 Web Application Vulnerabilities September 2011

1) PHP 'is_a()' Function Remote File Include Vulnerability

PHP is susceptible to a Remote File Include vulnerability. An attacker can potentially leverage this vulnerability to compromise PHP applications that rely on the vulnerable function or the underlying system itself. Updates which resolve this vulnerability are available. Contact the vendor for additional information.

http://www.securityfocus.com/bid/49754

2) SAP WebAS Malicious SAP Shortcut Generation Remote Command Injection Vulnerability

SAP WebAS is susceptible to a Remote Command Injection vulnerability. An attacker can exploit this vulnerability to inject arbitrary commands into the application and control the generation of SAP shortcuts. As of this writing no vendor-supplied fixes have yet been made available. Contact the vendor for more details.

http://www.securityfocus.com/bid/49642

3) Novell GroupWise Internet Agent HTTP Interface Stack Buffer Overflow Vulnerability

Novell GroupWise Internet Agent is susceptible to a stack-based Buffer Overflow vulnerability due to a failure of the application to properly sanitize user-supplied data. An attacker can leverage this vulnerability to execute arbitrary code in the context of the application. Failed attempts will likely result in a Denial-of-Service condition. Updates which resolve this vulnerability are available. Contact the vendor for more details.

http://www.securityfocus.com/bid/49779

4) Adobe ColdFusion Multiple Cross-Site Scripting Vulnerabilities

Adobe ColdFusion is susceptible to multiple instances of Cross-Site Scripting. If successful, Cross-Site Scripting can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. As of this writing no vendor-supplied fixes have yet been made available. Contact the vendor for more details.

http://www.securityfocus.com/bid/49787

5) IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability

IBM WebSphere Application Server is susceptible to a Cross-Site Request Forgery vulnerability. Cross-Site Request Forgery relies on the victim's browser to carry out the attack: a page includes a link or script that sends a request to a site the user may have recently used, and that site treats the request as a seemingly authorized yet malicious action performed on the user's behalf. Fixes for this issue are available. Contact the vendor for further details.

http://www.securityfocus.com/bid/49766

6) Microsoft SharePoint Cross-Site Scripting Vulnerability

Microsoft SharePoint is susceptible to a Cross-Site Scripting vulnerability. Cross-Site Scripting can be exploited to execute code in the browser of an unsuspecting user and steal cookie-based authentication credentials. Updates which resolve this vulnerability are available. Contact the vendor for additional information.

http://www.securityfocus.com/bid/49004

7) SAP Crystal Report Server 2008 'pubDBLogon.jsp' Cross-Site Scripting Vulnerability

SAP Crystal Report Server is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage Cross-Site Scripting to execute script code in the browsers of unsuspecting users in the context of the affected application, possibly leading to theft of authentication credentials and other attacks. Updates which resolve this vulnerability are available. Contact the vendor for more information.

http://www.securityfocus.com/bid/49656

8) IBM Lotus Domino 'PanelIcon' Parameter Cross-Site Scripting Vulnerability

IBM Lotus Domino is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage Cross-Site Scripting to execute script code in the browsers of unsuspecting users in the context of the affected application, possibly leading to theft of authentication credentials and other attacks. As of this writing no vendor-supplied fixes have yet been made available. Contact the vendor for further details.

http://www.securityfocus.com/bid/49701

9) SAP Web Application Server WEBRFC ICF Service Cross-Site Scripting Vulnerability

SAP Web Application Server is susceptible to a Cross-Site Scripting vulnerability. If this vulnerability is successfully exploited, arbitrary script code can be executed in the context of the affected site in the browsers of unsuspecting users. Updates which resolve this vulnerability are available. Contact the vendor for additional details.

http://www.securityfocus.com/bid/49646

10) Novell GroupWise 8 WebAccess 'Directory.Item' Parameters Cross-Site Scripting Vulnerabilities

Novell GroupWise 8 WebAccess is susceptible to a Cross-Site Scripting vulnerability. Cross-Site Scripting can give an attacker the means to execute arbitrary script code in the browsers of unsuspecting users and steal authentication credentials. Fixes that resolve this vulnerability are available. Contact the vendor for more information.

http://www.securityfocus.com/bid/49773

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.