May 13, 2008

Web application security provider discovers majority of vulnerabilities in SAP, Adobe, Microsoft and IBM Rational in Q1 Security Trends Report

Web application security provider Cenzic today announced its Q1 Trends Report for 2008. They analyzed reported information for January 2008 through March 2008 from vulnerability sources such as SecurityFocus, CVE, SANS, USCERT, SecurityTracker, and other third-party databases and found the top 10 vulnerabilities listed below.
And if you are too lazy to actually read the report, you can listen to the podcast summary here.

- MaxDB 'cons.exe' lets remote users execute arbitrary commands on the target system,
- Sun Java System Identity Manager Input Validation hole permits cross-site scripting attacks,
- Apache Input Validation Hole in Mod_AutoIndex when the character set is undefined may permit cross-site scripting attacks,
- QuickTime Movie and PICT File Processing bugs let remote users execute arbitrary code,
- Java Runtime environment lets remote applets and applications gain elevated privileges,
- Windows WebDAV Mini-Redirector Response Handling bug lets remote users execute arbitrary code,
- Java Web Start Buffer Overflow lets remote users read/write files and execute applications on the target user's system,
- Adobe ColdFusion Application setEncoding() bug permits cross-site scripting attacks,
- Asterisk Predictable Session IDs may let remote users hijack HTTP manager sessions, and
- Rational ClearQuest Input Validation holes permit cross-site scripting attacks.

So read the report today for the details of all the findings and statistics for the first quarter of 2008.

by Erin Swanson ESwanson@cenzic.com