Security - Baseline

Home

Security

10 Most Dangerous Web Application Vulnerabilities

By Ericka Chickowski on 2010-03-05

Security company Cenzic released at RSA their findings for the second half of 2009. Web app vulnerabilities are popping up throughout the enterprise as more organizations depend on insecure, quickly developed apps for Web 2.0 features and functionality. Cenzic did not rank the following apps by degree of danger. See also: 25 Dangerous Programming Errors, How to Stop SQL Injections.

Adobe Flash Media Server Directory Traversal Vulnerability

Allows hackers to load arbitrary DLL files through unspecified vectors.

10 Most Dangerous Web Application Vulnerabilities - Security

Juniper Networks JUNOS J-Web Multiple Cross Site Scripting And HTML Injection Vulnerabilities

Unsanitized user-supplied data allows attackers to steal authentication credentials, among several attacks.

Citrix XenCenterWeb: Multiple Vulnerabilities

Attackers are able to execute arbitrary SQL commands through the username parameter.

Oracle E-Business Suite Multiple Remote Vulnerabilities

Authentication-bypass and HTML-injection weakness give attackers the means to steal credentials and bypass security.

Websense Email Security Cross-Site Scripting and HTML Injection Vulnerabilities

Attackers can steal credentials and execute malicious scripts in users' browsers.

SSLv3/TLS Renegotiation Stream Injection

Attackers are able use this vulnerability to carry out man-in-the-middle attacks.

Active Directory Federation Services (ADFS) in Microsoft Windows Server IIS Arbitrary Code Execution

Remote unauthenticated users can execute arbitrary code throughspecially crafted requests to an IIS Web server.

HP ProCurve Switch Management Interface Multiple HTML Injection Vulnerabilities

Allows theft of cookie-based authentication credentials, execution of arbitrary code within the site or changing of site appearance.

Sun Virtual Desktop Infrastructure Authentication Mechanism Unauthorized Access Vulnerability

Remote attackers can access VDI through requests to an Apache HTTP server due to deficiencies in VirtualBox authentication processes.

Sun Java SE November 2009 Multiple Security Vulnerabilities

Attackers can leverage these vulnerabilities to execute arbitrary commands through speciall-crafted web pages.

Recent Slideshows

See All Slideshows

	LATEST STORIES
	- Five Ways to Put Mobile Technology to Work - Ten iPhone Apps that Will Save You Money - Mobility Transforms the Customer Relationshi... - BPM Keeps Pace With Business Changes - Speech Recognition Speaks To Businesses

Baseline Newsletters

FEATURED SPONSORED ARTICLES

Erasable E-Paper Saves Trees, Cuts Costs

Why Smart Companies Should Adopt the Lessons of Gaming

Interest in Mobile WiFi Hotspots Fuels New Solutions

A Closer Look at Public Cloud Security

View More Articles

Brought to You By

FEATURED SPONSORED VIDEOS

Security and Availability Essentials for Running Your Business in the Cloud

Cyber Security Trends and Challenges for 2012

IPv6 Integration and Migration

View More Videos

Brought to You By


		Get up and running in as quickly as 30 days with BI. Learn how today. FREE Securing Smartphones & Tablets for Dummies Book from Sophos 5 New Technologies That Will Change Enterprise IT Build an IT Infrastructure That Delivers the Future

Baseline:	Issue Index \| Contact Us \| About \| Magazine Customer Service \| Navigation Guide
Quick Links:	Project Planners \| Enterprise Resource Planning \| Network and Online Security \| Data Analysis \| Process Management \| Storage Devices\| Link to Us

	Ziff Davis Enterprise Home \| Contact Us \| Advertise \| Link to Us \| Reprints \| Magazine Subscriptions \| Newsletters Tech RSS Feeds \| White Papers \| Tech Podcasts \| Tech Video \| VARs \| System Builder
	Baseline \| Careers \| Channel Insider \| CIO Insight \| DesktopLinux \| DeviceForge \| DevSource \| eSeminars \| eWEEK \| Enterprise Network Security \| LinuxDevices \| Linux Watch \| Microsoft Watch \| Mid-market \| Networking \| PDF Zone \| Publish \| Security IT Hub \| Strategic Partner \| TechDirect \| Technology White Papers \| Windows for Devices
	Developer Shed \| Dev Shed \| ASP Free \| Dev Articles \| Dev Hardware \| SEO Chat \| Tutorialized \| Scripts \| Code Walkers \| Web Hosters \| Dev Mechanic \| Dev Archives \| igrep Use of this site is governed by our Terms of Use and Privacy Policy
	Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.

Baseline:	Issue Index \| Contact Us \| About \| Magazine Customer Service \| Navigation Guide
Quick Links:	Project Planners \| Enterprise Resource Planning \| Network and Online Security \| Data Analysis \| Process Management \| Storage Devices\| Link to Us

	Ziff Davis Enterprise Home \| Contact Us \| Advertise \| Link to Us \| Reprints \| Magazine Subscriptions \| Newsletters Tech RSS Feeds \| White Papers \| Tech Podcasts \| Tech Video \| VARs \| System Builder
	Baseline \| Careers \| Channel Insider \| CIO Insight \| DesktopLinux \| DeviceForge \| DevSource \| eSeminars \| eWEEK \| Enterprise Network Security \| LinuxDevices \| Linux Watch \| Microsoft Watch \| Mid-market \| Networking \| PDF Zone \| Publish \| Security IT Hub \| Strategic Partner \| TechDirect \| Technology White Papers \| Windows for Devices
	Developer Shed \| Dev Shed \| ASP Free \| Dev Articles \| Dev Hardware \| SEO Chat \| Tutorialized \| Scripts \| Code Walkers \| Web Hosters \| Dev Mechanic \| Dev Archives \| igrep Use of this site is governed by our Terms of Use and Privacy Policy
	Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.