Top Five Web Application Vulnerabilities 4/28/09 - 5/10/09 - The HP Security Laboratory Blog

1) Multiple Symantec Products Log Viewer Script Injection Vulnerabilities

Multiple Symantec Products are susceptible to browser-exploitable script injection vulnerabilities due to improper sanitization of user-supplied input used in dynamically created content.  Successful exploitation would give an attacker the means to steal cookie-based authentication credentials, or simply alter how the site appears.  Other attacks are likely possible.  Updates which resolve these issues have been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/34669

2) Citrix Web Interface Unspecified Cross-Site Scripting Vulnerability

Citrix Web Interface is susceptible to a Cross-Site Scripting vulnerability.  If successful, Cross-Site Scripting can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. Updates which address this issue have been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/34761

3) IceWarp Merak Mail Server Multiple Vulnerabilities

IceWarp Merak Mail Server is susceptible to multiple vulnerabilities, including SQL Injection, Cross-Site Scripting, and other input validation issues. If exploited, these vulnerabilities could lead to compromise of the application or the theft of confidential information and authentication credentials, or could serve as a foothold for further attacks against the backing database. Updates which resolve these issues have been released. Contact the vendor for further information.

http://www.securityfocus.com/bid/34820
http://www.securityfocus.com/bid/34825
http://www.securityfocus.com/bid/34827
http://www.securityfocus.com/bid/34823

4) GlassFish Enterprise Server Multiple Cross-Site Scripting Vulnerabilities

GlassFish Enterprise Server is susceptible to multiple Cross-Site Scripting vulnerabilities. Cross-Site Scripting occurs when dynamically generated web pages display user input, such as login information, that is not properly validated or encoded, allowing an attacker to embed malicious scripts into the generated page; the script then executes in the browser of any user who views that page. Updates which resolve these issues are available. Contact the vendor for additional information.

http://www.securityfocus.com/bid/34824
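As an added illustration of the Cross-Site Scripting mechanism described above (example code written for this post, not taken from GlassFish or any other product listed): the vulnerable rendering function splices a user-supplied display name straight into the markup, while the hardened version entity-encodes it before use in both the element body and an attribute value. The function names and the sample inputs are constructed for the example.

```python
import html

# Constructed sample inputs (not from the advisories above): a benign display
# name, and one that tries to close the attribute and inject a script tag.
BENIGN_NAME = "Alice"
SCRIPT_NAME = '"><script>alert(1)</script>'


def render_welcome_vulnerable(name: str) -> str:
    """Hypothetical page fragment that echoes user input without encoding.

    This is the defect the advisory describes: the untrusted value is spliced
    into the markup verbatim, so any markup inside it becomes part of the page.
    """
    return f'<p>Welcome, {name}</p><input name="user" value="{name}">'


def render_welcome_safe(name: str) -> str:
    """The hardened form: every untrusted value is HTML-entity encoded.

    html.escape(..., quote=True) also encodes " and ', which is required for
    the attribute context (value="...") and not only for the element body.
    """
    encoded = html.escape(name, quote=True)
    return f'<p>Welcome, {encoded}</p><input name="user" value="{encoded}">'


def contains_live_script(fragment: str) -> bool:
    """Reviewer's check: does the rendered fragment contain a real <script tag?

    The encoded form contains only &lt;script&gt;, which the browser renders
    as text and never executes.
    """
    return "<script" in fragment.lower()
```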

5) Jetty Cross-Site Scripting and Information Disclosure Vulnerabilities

Jetty is susceptible to a Cross-Site Scripting and an information disclosure vulnerability. These vulnerabilities could be exploited to execute code in the browser of an unsuspecting user, steal cookie-based authentication credentials, or access sensitive information.  A fix which resolves these vulnerabilities has been released. Contact the vendor for more details.

http://www.securityfocus.com/bid/34800


Posted 05-11-2009 8:24 PM by mark.painter
