Top Five Web Application Vulnerabilities 3/31/08 - 4/13/08

Published 14 April 08 05:16 PM | mep 

1) F5 BIG-IP Web Management Interface 'NEW_VALUE' Parameter Remote Code Injection Vulnerability

The F5 BIG-IP Web Management Interface is susceptible to a remote code injection vulnerability. Attackers who successfully exploit it could execute arbitrary code in the context of the account running the affected application, which on a management interface means control of the device's configuration. A fix has not yet been released. Until one is, restrict access to the management interface to a dedicated management network and contact the vendor for additional information.

http://www.securityfocus.com/bid/28639/

2) Cisco Unified Communication Manager Multiple Vulnerabilities

Cisco Unified Communications Manager is susceptible to multiple remote vulnerabilities, including SQL injection, information disclosure, and unauthorized access. If exploited, these vulnerabilities could lead to compromise of the application, unauthorized application access, or disclosure of sensitive information. A fix has not yet been released. Contact Cisco for further details.

http://www.securityfocus.com/bid/28690
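The SQL injection class in item 2 comes down to one habit: building the query string out of user input instead of binding it as a parameter. The following is an added example, not code from Cisco or from the advisory; it uses an in-memory SQLite table with constructed rows and a classic tautology payload to show the unsafe and the safe lookup side by side.

```python
import sqlite3

# Constructed payload: closes the string literal and appends an always-true clause.
TAUTOLOGY = "' OR '1'='1"


def build_db():
    """Create a throwaway in-memory database with two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def vulnerable_lookup(conn, username):
    """Unsafe: the input is spliced into the SQL text, so quotes in it change
    the query structure. With TAUTOLOGY the WHERE clause becomes
    username = '' OR '1'='1' and every row comes back."""
    query = "SELECT username, email FROM users WHERE username = '%s'" % username
    return conn.execute(query).fetchall()


def safe_lookup(conn, username):
    """Safe: the input is bound as a parameter and can only ever be compared
    as a value, never parsed as SQL. The same payload matches nothing."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", vulnerable_lookup(db, TAUTOLOGY))  # both rows leak
    print("safe:      ", safe_lookup(db, TAUTOLOGY))        # []
```

The parameterized form is the fix for the whole class; input filtering on its own is a stopgap because it has to anticipate every quoting and comment trick the database dialect allows.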

3) Drupal Menu System Security Bypass Vulnerabilities

Drupal is susceptible to multiple security-bypass vulnerabilities in the menu system because the application fails to properly control access to certain pages. Successful exploitation would give an attacker access to pages and information they are not authorized to view, which could be used in more damaging attacks. Updates which resolve these issues have been released; upgrade to the fixed versions and contact the vendor for more information.

http://www.securityfocus.com/bid/28714
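The failure mode in item 3, a page that is reachable because no access rule ended up applying to it, is what a deny-by-default router prevents. The following is an added example and is not Drupal's menu code; the route table, its permission names and the inheritance rule (an unregistered path takes the nearest registered ancestor's rule) are constructed for the demo. It contrasts a permissive resolver that treats a missing permission as "open" with a strict one that treats it as "denied", and includes an audit that lists routes no permission ever covers.

```python
from typing import Iterator, Optional

# Constructed route table (hypothetical; not Drupal's menu table). An entry may
# declare the permission required to view it. Paths without their own entry
# inherit from the nearest registered ancestor.
ROUTES = {
    "/": {"perm": "access content"},
    "/admin": {"perm": "access administration pages"},
    "/admin/users": {"perm": "administer users"},
    "/admin/reports": {},  # registered, but the maintainer declared no permission
}


def _ancestors(path: str) -> Iterator[str]:
    """Yield the path itself, then each parent up to and including '/'."""
    while True:
        yield path
        if path == "/":
            return
        path = path.rsplit("/", 1)[0] or "/"


def required_perm(path: str) -> Optional[str]:
    """Permission that applies to path, or None if no registered ancestor
    declares one (the dangerous case)."""
    for candidate in _ancestors(path):
        entry = ROUTES.get(candidate)
        if entry is not None:
            return entry.get("perm")
    return None


def authorize_permissive(path: str, user_perms: set) -> bool:
    """Buggy pattern: an undeclared permission is treated as public."""
    perm = required_perm(path)
    if perm is None:
        return True
    return perm in user_perms


def authorize_strict(path: str, user_perms: set) -> bool:
    """Deny by default: no declared permission means no access."""
    perm = required_perm(path)
    if perm is None:
        return False
    return perm in user_perms


def audit_routes() -> list:
    """Registered routes that resolve to no permission at all; each one is a
    page the permissive resolver would expose to everyone."""
    return sorted(p for p in ROUTES if required_perm(p) is None)


if __name__ == "__main__":
    anonymous = {"access content"}
    print("permissive /admin/reports:", authorize_permissive("/admin/reports", anonymous))
    print("strict     /admin/reports:", authorize_strict("/admin/reports", anonymous))
    print("uncovered routes:", audit_routes())
```

Running the audit as part of a deploy check is the practical takeaway: every route should map to an explicit permission, and a route that maps to none is a finding, not a default.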

4) Microsoft SharePoint Server Picture Source HTML Injection Vulnerability

Microsoft SharePoint Server is susceptible to an HTML injection vulnerability in the picture source field. HTML injection adds attacker-controlled markup to the web server's response, which can then be used to steal cookie-based authentication credentials, run attacker-supplied script in the context of the site (cross-site scripting), or simply alter how the site appears. An attacker needs a user account with page-editing privileges to exploit this issue, so the exposure is to authenticated users and compromised accounts rather than anonymous visitors. A fix has not yet been released. Contact Microsoft for additional details.

http://www.securityfocus.com/bid/28706

5) SAP NetWeaver Filesystem Feedbacks Cross-Site Scripting Vulnerability

SAP NetWeaver is susceptible to a cross-site scripting vulnerability. If exploited, this vulnerability could give an attacker the means to hijack accounts, execute malicious scripts in users' browsers, or steal proprietary information. Note that this issue can be resolved by activating 'Secure Editing' in the Portal. Contact the vendor for more information.

http://www.securityfocus.com/bid/28699
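Items 4 and 5 are the same defect in two contexts: user-supplied data reaching the page without being constrained to what the output position allows. A picture source is a URL inside an attribute, so it needs a scheme allowlist and attribute encoding; free text needs HTML encoding. The following is an added example, not SharePoint or SAP code, and it covers both items; the fallback image path and the field names are assumptions made for the demo.

```python
import html
from urllib.parse import urlsplit

# Only absolute http(s) URLs are acceptable as an image source. javascript:,
# data:, vbscript: and scheme-relative (//host) inputs are all rejected.
ALLOWED_SCHEMES = {"http", "https"}
FALLBACK_SRC = "/images/blank.gif"  # hypothetical placeholder image


def safe_image_src(candidate):
    """Return the URL if it is an absolute http(s) URL with a host, else None.

    Whitespace at the ends is dropped before parsing; any remaining control
    character (tab, newline, NUL) is rejected outright because such characters
    are used to slip a forbidden scheme past naive filters."""
    if not isinstance(candidate, str):
        return None
    url = candidate.strip()
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in url):
        return None
    parts = urlsplit(url)  # lowercases the scheme, so JaVaScRiPt: is caught too
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return url


def render_picture(src, alt):
    """Build an <img> tag. The URL is validated, then both attribute values are
    entity-encoded so a quote in the input cannot close the attribute and
    start a new one (the classic " onerror=" trick)."""
    checked = safe_image_src(src) or FALLBACK_SRC
    return '<img src="%s" alt="%s">' % (
        html.escape(checked, quote=True),
        html.escape(alt, quote=True),
    )


def render_text(text):
    """Encode free text for an HTML element body (the XSS case in item 5)."""
    return html.escape(text, quote=True)


if __name__ == "__main__":
    # Constructed inputs an editor with page rights might submit.
    print(render_picture("https://example.com/logo.png", "Logo"))
    print(render_picture("javascript:alert(document.cookie)", "Logo"))
    print(render_picture('https://example.com/a.png" onerror="alert(1)', "x"))
    print(render_text("<script>alert(1)</script>"))
```

Validation and encoding are independent layers here: the allowlist decides whether the value is a legitimate image URL at all, and the encoding guarantees that whatever survives cannot change the structure of the tag it is placed in. Dropping either one reopens the hole.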
