Read more articles in Web Application Security Insights
August 20, 2008

Web application security trends report for Q2 2008 from Cenzic

Cenzic, the leading Web application security provider, released their Q2 2008 Trends Report on August 25. Here’s a summary of what the report entails.

Cenzic analyzed reported information for April 2008 through June 2008 from vulnerability sources such as SecurityFocus, CVE, SANS, US-CERT, SecurityTracker, and other third-party databases and identified the top 10 vulnerabilities listed below. Among the top 10 issues, the usual suspects like Adobe, IBM, Sun, and QuickTime show the most vulnerabilities.

Top 10 Vulnerabilities for Q2 2008

- Adobe Flash Player cross-site request forgery vulnerability
- Adobe Flash Player DeclareFunction2 arbitrary code execution
- Bugzilla Cross-Site Scripting Vulnerability via ‘id’ parameter
- QuickTime Heap Overflow in PICT file processing lets remote attackers execute arbitrary code
- IBM Lotus Domino HTTP header buffer overflow
- Sun Java System Web Server Cross-Site Scripting
- QuickTime AAC-encoded media handling bug lets remote attackers execute arbitrary code
- IBM Workspace vulnerabilities allow a remote attacker to conduct Cross-Site Scripting and Cross-Site Request Forgery
- Adobe Acrobat and Adobe Reader arbitrary code execution
- Sun Java System Access Manager allows remote code execution via malformed XML Signature

by Erin Swanson Eswanson@cenzic.com