Top Five Web Application Vulnerabilities 3/17/08 - 3/30/08
1) Webutil 'webutil.pl' Multiple Remote Command Execution Vulnerabilities
Webutil is susceptible to multiple command execution vulnerabilities which remote attackers can leverage to execute arbitrary commands. Successful exploitation can lead to a complete compromise of the affected application and underlying system. A fix has not yet been released. Contact the vendor for additional details.
http://www.securityfocus.com/bid/28393
2) IBM Rational ClearQuest Multiple Parameters Multiple Cross-Site Scripting Vulnerabilities
IBM Rational ClearQuest is susceptible to multiple instances of Cross-Site Scripting. If successfully exploited, these vulnerabilities could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user. Patches which resolve these issues have been released. Contact IBM for further information.
http://www.securityfocus.com/bid/28296
3) Imperva SecureSphere Cross-Site Scripting Vulnerability
Imperva SecureSphere is susceptible to a Cross-Site Scripting vulnerability. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. An update which addresses this issue has been released. Contact the vendor for additional details.
http://www.securityfocus.com/bid/28279
4) Joomla! and Mambo Components Multiple SQL Injection Vulnerabilities
Multiple Joomla! and Mambo components are susceptible to SQL Injection vulnerabilities. SQL Injection can give an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system. No fixes have yet been released. Contact the vendor for more information.
http://www.securityfocus.com/bid/28271
http://www.securityfocus.com/bid/28305
http://www.securityfocus.com/bid/28331
http://www.securityfocus.com/bid/28325
http://www.securityfocus.com/bid/28324
http://www.securityfocus.com/bid/28361
http://www.securityfocus.com/bid/28427
http://www.securityfocus.com/bid/28422
http://www.securityfocus.com/bid/28428
http://www.securityfocus.com/bid/28409
http://www.securityfocus.com/bid/28443
http://www.securityfocus.com/bid/28496
5) PHP-Nuke Platinum 'dynamic_titles.php' SQL Injection Vulnerability
PHP-Nuke Platinum is susceptible to a SQL Injection vulnerability. Successful exploitation could give an attacker the means to access or modify backend database contents or, in some circumstances, to take control of the server hosting the database. A fix has not yet been released. Contact the vendor for further details.
http://www.securityfocus.com/bid/28410