Top Ten Web Application Vulnerabilities 5/2/2011 - 5/15/2011

1) Samsung Integrated Management System DMS SQL Injection Vulnerability

Samsung Integrated Management System DMS is susceptible to a SQL Injection vulnerability. Successful exploitation could give an attacker the means to access or modify backend database contents, or in some circumstances be utilized to take control of the server hosting the database. Updates which resolve this vulnerability are available. Contact the vendor for further details.

http://www.securityfocus.com/bid/47746

2) IBM Datacap Taskmaster Capture Unspecified SQL Injection Vulnerability

IBM Datacap Taskmaster Capture is susceptible to a SQL Injection vulnerability. SQL Injection can give an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system. Updates which resolve this issue are available. Contact the vendor for additional information.

http://www.securityfocus.com/bid/47848

3) HP Business Availability Center Cross-Site Scripting Vulnerability

HP Business Availability Center is susceptible to a Cross-Site Scripting vulnerability. If successful, Cross-Site Scripting can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. Updates which resolve this issue are available. Contact the vendor for more information.

http://www.securityfocus.com/bid/47846

4) VMware vCenter Server Directory Traversal Vulnerability

VMware vCenter Server is susceptible to a Directory Traversal vulnerability. Successful exploitation would give an attacker the means to retrieve arbitrary files in the context of the application. Information gained through these methods would likely lead to more damaging attacks. Updates which resolve this issue are available. Contact the vendor for further details.

http://www.securityfocus.com/bid/47735

5) Apache Struts XWork 's:submit' HTML Tag Cross-Site Scripting Vulnerability

Apache Struts is susceptible to a Cross-Site Scripting vulnerability. Cross-Site Scripting can be exploited to execute code in the browser of an unsuspecting user and steal cookie-based authentication credentials. Updates which resolve this issue have been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/47784

6) Oracle GlassFish Server Administration Console Remote Authentication Bypass Vulnerability

The Oracle GlassFish Server Administration Console is susceptible to a remote authentication bypass vulnerability which could allow an attacker to bypass authentication and perform unauthorized actions. Updates which resolve this issue are available. Contact the vendor for further details.

http://www.securityfocus.com/bid/47818

7) WordPress '.phtml' Files Arbitrary File Upload Vulnerability

WordPress is susceptible to an Arbitrary File Upload vulnerability that can be exploited by an attacker to upload arbitrary files and run code in the context of the web server process. As of this writing, a fix has not yet been released. Contact the vendor for more details.

http://www.securityfocus.com/bid/47709

8) Adobe RoboHelp Server and RoboHelp Cross-Site Scripting Vulnerability

Adobe RoboHelp Server and RoboHelp are susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage Cross-Site Scripting to execute script code in the browsers of unsuspecting users in the context of the affected application, possibly leading to theft of authentication credentials and other attacks. Patches which resolve this issue are available. Contact the vendor for further information.

http://www.securityfocus.com/bid/47839

9) Computer Associates eHealth Cross-Site Scripting Vulnerability

Computer Associates eHealth is susceptible to a Cross-Site Scripting vulnerability. If this vulnerability is successfully exploited, arbitrary script code can be executed in the browsers of unsuspecting users in the context of the affected site. Updates which resolve this issue are available. Contact the vendor for additional details.

http://www.securityfocus.com/bid/47795

10) Horde Security Bypass and HTML Injection Vulnerabilities

Horde is susceptible to HTML Injection and security bypass vulnerabilities. HTML Injection is used to add content into a web server's response, which can then be used to steal cookie-based authentication credentials, execute arbitrary code in the context of the site, or simply alter how the site appears. The security bypass issues can be exploited to perform unauthorized actions. Updates which resolve these issues are available. Contact the vendor for more details.

http://www.securityfocus.com/bid/47708

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.