Top Five Web Application Vulnerabilities 4/12/10 - 4/25/10

1) Oracle E-Business Suite Financials 'jtfwcpnt.jsp' SQL Injection Vulnerability

Oracle E-Business Suite Financials is susceptible to a SQL Injection vulnerability. SQL Injection can give an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system. As of this writing, a fix has not yet been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/39510

2) Apache OFBiz Multiple Cross-Site Scripting and HTML Injection Vulnerabilities

Apache OFBiz is susceptible to multiple Cross-Site Scripting and HTML Injection vulnerabilities. Successful exploitation of these vulnerabilities could be used to alter how the site appears, steal authentication credentials, or execute malicious scripts in the browsers of unsuspecting users. Updates which resolve these vulnerabilities are available. Contact the vendor for further details.

http://www.securityfocus.com/bid/39489

3) Apache ActiveMQ Source Code Information Disclosure Vulnerability

Apache ActiveMQ is susceptible to a remote vulnerability that can give an attacker access to its source code. Successful exploitation would give an attacker the means to retrieve arbitrary files from the vulnerable system in the context of the webserver process. Information gained during exploitation would likely aid in additional attacks. Updates which resolve this vulnerability are available. Contact the vendor for more information.

http://www.securityfocus.com/bid/39636

4) Adobe Acrobat and Reader CVE-2010-0190 Cross-Site Scripting Vulnerability

Acrobat and Reader are susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage Cross-Site Scripting to execute script code in the browsers of unsuspecting users in the context of the affected application, possibly leading to theft of authentication credentials and other attacks. Updates which resolve this vulnerability are available. Contact the vendor for additional details.

http://www.securityfocus.com/bid/39515

5) DotNetNuke System Message Information Disclosure Vulnerability

DotNetNuke is susceptible to an Information Disclosure vulnerability. An attacker could leverage this vulnerability to gain access to sensitive information that would likely be useful in conducting more damaging attacks. Updates which resolve this issue are available. Contact the vendor for additional information.

http://www.securityfocus.com/bid/39586

Comments
(anon) | ‎05-14-2010 07:17 AM

Interesting list, I didn't mind about Apache.

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation