1) Juniper Networks JUNOS J-Web Multiple Cross-Site Scripting And HTML Injection Vulnerabilities
Juniper Networks JUNOS is susceptible to multiple Cross-Site Scripting and HTML Injection vulnerabilities. These vulnerabilities could be exploited to alter how the site appears, steal authentication credentials, or execute malicious scripts in the browsers of unsuspecting users. A fix has not yet been released. Contact the vendor for additional information.
http://www.securityfocus.com/bid/36537
2) Symantec SecurityExpressions Audit and Compliance Server Error Message HTML Injection Vulnerability
Symantec SecurityExpressions Audit and Compliance Server is susceptible to an HTML Injection vulnerability. HTML Injection is used to add content into a web server’s response, which can then be used to steal cookie-based authentication credentials, execute arbitrary code in the context of the site, or simply alter how the site appears. An update which addresses this issue has been released. Contact the vendor for further details.
http://www.securityfocus.com/bid/36571
3) Novell eDirectory 'dconserv.dlm' Cross-Site Scripting Vulnerability
Novell eDirectory is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in the context of the affected application, possibly leading to theft of authentication credentials and other attacks. A fix has not yet been released. Contact the vendor for more information.
http://www.securityfocus.com/bid/36567
4) Interspire Knowledge Manager 'p' Parameter Directory Traversal Vulnerability
Interspire Knowledge Manager is susceptible to a directory traversal vulnerability in the 'p' parameter. Successful exploitation would give an attacker the means to view sensitive information, which could lead to more damaging attacks. Updates which address this issue are available. Contact the vendor for additional details.
http://www.securityfocus.com/bid/36541
5) Kayako SupportSuite and eSupport 'functions_ticketsui.php' Cross-Site Scripting Vulnerability
Kayako SupportSuite and eSupport are susceptible to a Cross-Site Scripting vulnerability. This vulnerability can be exploited to execute code in the browser of an unsuspecting user and steal cookie-based authentication credentials. An advisory and update which address this issue have been released. Contact the vendor for further details.
http://www.securityfocus.com/bid/36568
Posted 10-12-2009 8:12 PM by mark.painter