Top Five Web Application Vulnerabilities 8/17/09 - 8/30/09 - The HP Security Laboratory Blog -
The HP Security Laboratory Blog » Top Five Web Application Vulnerabilities 8/17/09 - 8/30/09
Top Five Web Application Vulnerabilities 8/17/09 - 8/30/09

1) Adobe Flex SDK 'index.template.html' Cross Site Scripting Vulnerability

Adobe Flex SDK is susceptible to a Cross-Site Scripting vulnerability. This can be exploited to execute code in the browser of an unsuspecting user and steal cookie-based authentication credentials in context of a web application built using the SDK. Updates which resolve this issue are available. Contact the vendor for additional information.

http://www.securityfocus.com/bid/36087

2)Adobe ColdFusion Multiple Vulnerabilities

Adobe ColdFusion is susceptible to multiple vulnerabilities including instances of Cross-Site Scripting, HTML Injection, session fixation, and information disclosure. Victims can have their session hijacked and give an attacker unauthorized access to the application. Other possible attacks include having content added into a web server’s response, which can then be used to steal cookie-based authentication credentials, execute arbitrary code in context of the site, or simply alter how the site appears. The information disclosure vulnerability could also reveal sensitive information which could  lead to more damaging attacks. Updates which address each of these vulnerabilities are available. Contact the vendor for more information.

http://www.securityfocus.com/bid/36046 (HTML Injection)
http://www.securityfocus.com/bid/36096  (Double-Encoded NULL Character Information Disclosure)
http://www.securityfocus.com/bid/36056  (Cross Site Scripting)
http://www.securityfocus.com/bid/36053 (Multiple Cross-Site Scripting)
http://www.securityfocus.com/bid/36054 (Session Fixation)

3) Adobe JRun Multiple Unspecified Cross-Site Scripting Vulnerabilities

Adobe Jrun is susceptible to multiple instances of Cross-Site Scripting. If successful, Cross-Site Scripting can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. Updates which resolve this issue are available. Contact the vendor for more details.

http://www.securityfocus.com/bid/36050

4)  IBM WebSphere Commerce Unspecified Information Disclosure Vulnerability

IBM WebSphere Commerce is susceptible to an information disclosure vulnerability.  An attacker can gather sensitive information, possibly leading to brute-force attacks against user accounts. Updates which resolve this vulnerability are available. Contact the vendor for further information.

http://www.securityfocus.com/bid/36151

5) Xerox WorkCentre Web Services Extensible Interface Platform Unauthorized Access Vulnerability

Xerox WorkCentre is susceptible to a unauthorized access vulnerability. An attacker can leverage this vulnerability to access the device’s configuration settings and possibly acquire customer passwords. An advisory and patch which resolves this issue have been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/36177

Posted 08-31-2009 9:15 PM by mark.painter
Filed under: , , ,

Add a Comment

(required)  
(optional)
(required)  
Remember Me?

Type the numbers and letters above:
Privacy Statement
Powered by Community Server (Non-Commercial Edition), by Telligent Systems