Tuesday, February 13, 2007

Top 5 Web Vulnerabilities - Updated Weekly By SPI

Top Five Web Application Vulnerabilities 1/29/07 - 2/11/07

1) PHP Version 5.2.0 and Prior Multiple Vulnerabilities

PHP version 5.2.0 and prior is susceptible to multiple security vulnerabilities. If exploited, these vulnerabilities could give an attacker the means to execute arbitrary code, write files in unauthorized locations, or create a denial-of-service condition. An upgrade which resolves these issues has been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/22496/

2) Adobe ColdFusion User_Agent Error Page Cross-Site Scripting Vulnerability

Adobe ColdFusion is susceptible to a Cross-Site Scripting vulnerability. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. A fix has not yet been released. Contact Adobe for more information.

http://www.securityfocus.com/bid/22401

3) Sun Java System Access Manager Undisclosed Cross-Site Scripting Vulnerability

Sun Java System Access Manager is susceptible to a Cross-Site Scripting vulnerability. If successfully exploited, this vulnerability could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user. Fixes have been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/22302/

4) Alipay Password Input ActiveX Control Remote Code Execution Vulnerability

Alipay ActiveX Control is susceptible to a Remote Code Execution vulnerability. An attacker who can lead a victim to a specially crafted page can then remotely execute arbitrary machine code in the context of applications using the affected ActiveX control and possibly compromise the affected computers. A fix has not yet been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/22446

5) Coppermine Photo Gallery Admin.PHP Shell Command Execution Vulnerability

Coppermine Photo Gallery is susceptible to a Shell Command Execution vulnerability that could allow an attacker to remotely execute arbitrary commands with the privileges of the user of the affected application. A fix has not yet been released. Contact the vendor for further details.

http://www.securityfocus.com/bid/22406/

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)