Top Five Web Application Vulnerabilities 8/03/09 - 8/16/09

1) Oracle Config Management Multiple SQL-injection Vulnerabilities


Oracle Config Management is susceptible to multiple SQL Injection vulnerabilities.  SQL Injection can give an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system.  Successful exploitation of these vulnerabilities requires  'Valid Session' privileges. Updates which address these issues are available. Contact the vendor for additional information.


http://www.securityfocus.com/bid/35692
http://www.securityfocus.com/bid/35676


2) SAP NetWeaver Application Server 'uddiclient/process' HTML Injection Vulnerability


SAP NetWeaver Application Server is susceptible to an HTML Injection vulnerability. HTML Injection is used to add content into a web server’s response, which can then be used to steal cookie-based authentication credentials, execute arbitrary code in context of the site, or simply alter how the site appears. Updates which resolve this issue are available. Contact the vendor for more details.


http://www.securityfocus.com/bid/36034


3) WordPress 'wp-login.php' Admin Password Reset Security Bypass Vulnerability


WordPress is susceptible to an admin password reset security bypass vulnerability. Successful exploitation will allow an attacker  to reset the administrator password of the application. Updates which address this issue have been released. Contact the vendor for more information.


http://www.securityfocus.com/bid/36014


4) SQLiteManager 'main.php' Cross Site Scripting Vulnerability


SQLiteManager is susceptible to a Cross-Site Scripting vulnerability.  An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in context of the affected application, possibly leading to theft of authentication credentials and other attacks. A fix has not yet been released. Contact the vendor for further details.


http://www.securityfocus.com/bid/36002


5) WordPress Plugin WP-Syntax Remote PHP Code Execution Vulnerability


The WP-Syntax plugin for WordPress is susceptible to a remote code execution vulnerability. Attackers can leverage this issue to execute arbitrary PHP code within the context of the affected webserver process. A fix has not yet been released. Contact the vendor for additional details. 


http://www.securityfocus.com/bid/36040


 

Comments
(anon) | ‎08-25-2009 05:46 PM

SAP related information on your site is really good..

And to be appreciated..

Thanks

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Top Kudoed Posts
Featured


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.