Top Ten Web Application Vulnerabilities 1/17/2010 - 1/30/2010

1) Oracle Database and Enterprise Manager Grid Control Remote Code Execution Vulnerability

Oracle Database and Enterprise Manager Grid Control is susceptible to a remote code execution vulnerability that gives an attacker the means to execute arbitrary code within the context of the application. Updates which resolve this vulnerability are available. Contact the vendor for additional information.

http://www.securityfocus.com/bid/45883

2) Oracle Audit Vault CVE-2010-4449 Remote Code Execution Vulnerability

Oracle Audit Vault is susceptible to a remote code execution vulnerability that can give an attacker the means to execute arbitrary code with elevated privileges, possibly leading to a complete system compromise. Updates which resolve this vulnerability have been released. Contact the vendor for more details.

http://www.securityfocus.com/bid/45844

3) Oracle Fusion Middleware CVE-2010-4416 Oracle GoldenGate Veridata Remote Code Execution Vulnerability

Oracle Fusion Middleware is susceptible to a remote code execution vulnerability in Oracle GoldenGate Veridata that gives an attacker the means to execute arbitrary code within the context of the application. Failed exploitation attempts will likely result in a denial-of-service condition. Updates which resolve this vulnerability have been released. Contact the vendor for further information.

http://www.securityfocus.com/bid/45868

4) Oracle Fusion Middleware CVE-2010-4417 Beehive Remote Code Execution Vulnerability

Oracle Fusion Middleware is susceptible to a remote code execution vulnerability in Beehive that could give an attacker the means to execute arbitrary code within the context of the application. Updates which resolve this vulnerability are available. Contact the vendor for additional details.

http://www.securityfocus.com/bid/45854

5) Oracle Enterprise Manager Real User Experience Insight (RUEI) SQL Injection Vulnerability

Oracle Enterprise Manager Real User Experience Insight (RUEI) is susceptible to a SQL Injection vulnerability. Successful exploitation could give an attacker the means to read or modify backend database contents or, in some circumstances, to take control of the server hosting the database. Updates which resolve this vulnerability are available. Contact the vendor for more details.

http://www.securityfocus.com/bid/45874

6) Oracle Database Vault Cross-Site Request Forgery Vulnerability

Oracle Database Vault is susceptible to a Cross-Site Request Forgery vulnerability. Cross-Site Request Forgery abuses the trust a web application places in an authenticated user's browser: a request forged by a third-party page is sent, with the user's existing session, to a site the user is logged in to, so any functionality the target application exposes to that user can be triggered without their intent. Updates which resolve this vulnerability have been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/45905

7) HP Business Availability Center and Business Service Management Cross-Site Scripting Vulnerability

HP Business Availability Center and Business Service Management are susceptible to a Cross-Site Scripting vulnerability. If the vulnerability is successfully exploited, arbitrary script code is executed in the browsers of unsuspecting users in the context of the affected site. Updates which resolve this vulnerability are available. Contact the vendor for additional details.

http://www.securityfocus.com/bid/45944

8) DotNetNuke Install Module Remote Code Execution Vulnerability

DotNetNuke is susceptible to a remote code execution vulnerability that an attacker can leverage to execute arbitrary code in the context of the web server process. This could allow both the application and the underlying system to be compromised. Updates which resolve this vulnerability are available. Contact the vendor for further information.

http://www.securityfocus.com/bid/45940

9) Bugzilla Multiple Vulnerabilities

Bugzilla is susceptible to multiple vulnerabilities, including Cross-Site Scripting, Cross-Site Request Forgery, and a security bypass issue. If successful, Cross-Site Scripting can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end-user systems. Cross-Site Request Forgery relies on the victim's browser to retrieve and execute the attack: a link or script in a page connects to a site that the user may have recently used, and the resulting request carries out seemingly authorized yet malicious actions on the user's behalf. The security bypass issue allows other security mechanisms to be circumvented. Updates which resolve these vulnerabilities are available. Contact the vendor for more details.

http://www.securityfocus.com/bid/45982

10) IBM WebSphere Portal and Workplace Web Content Management Information Disclosure Vulnerability

IBM WebSphere Portal and Workplace Web Content Management are susceptible to an information disclosure vulnerability. Successful exploitation would give an attacker unauthorized access to sensitive information, which would likely be used to mount more damaging attacks. Updates which resolve this vulnerability are available. Contact the vendor for additional information.

http://www.securityfocus.com/bid/45989

Comments
evren | 02-08-2011 03:51 PM

I think the title of the post should be

"Top Ten Web Application Vulnerabilities 1/17/2011 - 1/30/2011" instead of "Top Ten Web Application Vulnerabilities 1/17/2010 - 1/30/2010"

Cheers.

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation