211522 Resource 202615 202768 202768 1219285870417 1230762315841 Controlled Q2 2008 Trends Report from Cenzic Web application security trends report for Q2 2008 from Cenzic <p>Cenzic, the leading Web application security provider, released their <a href="http://www.cenzic.com/cia_research/trends_reports.php"><strong><u>Q2 2008&nbsp;Trends Report</u></strong></a> on August 25.&nbsp;&nbsp;&nbsp; </p><p>Here&rsquo;s a summary&nbsp;of what the report entails.</p><p>Cenzic analyzed reported information for <strong>April 2008 through June 2008</strong> from vulnerability sources such as SecurityFocus, CVE, SANS, USCERT, SecurityTracker, and other third party databases and found these top 10 vulnerabilities listed below.&nbsp; Among the top 10 issues, the usual suspects like <strong>Adobe, IBM, Sun, and QuickTime</strong> show the most vulnerabilities.</p><p><strong>Top 10 Vulnerabilities for Q2 2008</strong>&nbsp; </p><ol><li>Adobe Flash Player cross-site request forgery vulnerability</li><li>Adobe Flash Player DeclareFunction2 arbitrary code execution&nbsp;</li><li>Bugzilla Cross-Site Scripting Vulnerability via &lsquo;id&rsquo; parameter&nbsp;</li><li>QuickTime Heap Overflow in PICT file processing lets remote attackers execute arbitrary code</li><li>IBM Lotus Domino HTTP header buffer overflow&nbsp;</li><li>Sun Java System Web Server Cross-Site Scripting</li><li>Quicktime AAC-Encoded media handling bug lets remote attackers execute arbitrary code.&nbsp;</li><li>IBM Workspace vulnerabilities allow a remote attacker to conduct Cross-Site Scripting and Cross-Site Request Forgery.</li><li>Adobe Acrobat and Adobe Reader arbitrary code execution.</li><li>Sun Java System Access Manager allows remote code execution via malformed XML Signature</li></ol><p>by<br /><strong>Erin Swanson<br /></strong><a href="mailto:Eswanson@cenzic.com"><strong><u>Eswanson@cenzic.com</u></strong></a></p> 9 application/xml false Cenzic Cenzic Quarterly Trends Reports Read the Cenzic quarterly trends reports http://www.cenzic.com/cia_research/trends_reports.php Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 127.0.0.1 127.0.0.1 eswanson 64.60.123.45 false true false false true 204329 false false true false false false true 202615 blog blogsite/Cenzic/web