WebAPP Multiple Vulnerabilities

Bugtraq ID:	22691
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Feb 23 2007 12:00AM
Updated:	Jul 03 2007 09:17PM
Credit:	The vendor disclosed these issues.
Vulnerable:	Web-APP.org WebAPP 0.9.9 Web-APP.org WebAPP 0.9.9.5 Web-APP.org WebAPP 0.9.9.4 Web-APP.org WebAPP 0.9.9.3.5 Web-APP.org WebAPP 0.9.9.3.2 Web-APP.org WebAPP 0.9.9.3.1 Web-APP.org WebAPP 0.9.9.3 Web-APP.org WebAPP 0.9.9.2 Web-APP.org WebAPP 0.9.9.1
Not Vulnerable:	Web-APP.org WebAPP 0.9.9.6

WebAPP Multiple Vulnerabilities

WebAPP is prone to multiple vulnerabilities, including cross-site scripting issues, arbitrary-file-upload issues, remote script-code-execution issues, and a privilege-escalation issue.

Attackers could exploit these issues to steal cookie-based authentication credentials from legitimate users of the site and compromise the application and the underlying system; other attacks are also possible.

This issue affects versions prior to WebAPP 0.9.9.6.

WebAPP Multiple Vulnerabilities

Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

WebAPP Multiple Vulnerabilities

Solution:
The vendor released an update to address these issues. Please see the references for more information.

WebAPP Multiple Vulnerabilities

References:

• Web-app.org WebAPP Home Page (Web-app.org)
  
• WebAPP version 0.9.9.6 Release Notes (web-app.org)