Browse by Tags - The HP Security Laboratory Blog -
The HP Security Laboratory Blog » All Tags » XSS
Top Five Web Application Vulnerabilities 5/12/09 - 5/25/09
1) Novell GroupWise WebAccess Multiple Security Vulnerabilities Novell GroupWise WebAccess is susceptible to multiple vulnerabilities including Cross-Site Scripting and issues of security restriction bypass. Attackers who successfully exploit these vulnerabilities...
Published 05-27-2009 3:16 PM by mark.painter
Filed under: XSS, phpMyAdmin, top five web application vulnerabilities, PHPCode Injection, Sun Java System Communications Express, Sun Java System Portal Server, Novell GroupWise WebAccess

Top Five Web Application Vulnerabilities 4/28/09 - 5/10/09
1) Multiple Symantec Products Log Viewer Script Injection Vulnerabilities Multiple Symantec Products are susceptible to browser-exploitable script injection vulnerabilities due to improper sanitization of user-supplied input used in dynamically created...
Published 05-11-2009 8:24 PM by mark.painter
Filed under: XSS, SQL Injection, Citrix Web Interface, glassfish enterprise server, icewarp merak mail server, cross-site scripting, jetty, top five web application vulnerabilities

Top Five Web Application Vulnerabilities 4/13/09 - 4/26/09
1) Apache Geronimo Application Server Multiple Remote Vulnerabilities Apache Geronimo Application Server is susceptible to multiple vulnerabilities including Cross-Site Scripting, HTML Injection, directory traversal, and Cross-Site Request Forgery. Successful...
Published 04-27-2009 7:36 PM by mark.painter
Filed under: XSS, Apache Geronimo, Novell Teaming, SAP cFolders, phpMyAdmin, html injection, CS Whois Lookup, xsrf

Scrubbr - New Stored XSS Finder
Aspect Security has just released, through OWASP, a new tool called "Scrubbr". Scrubbr is a Java program which connects to your database (MySQL 5+, MS SQL 2005+, and Oracle) directly and analyzes databases or specific tables looking for XSS...
Published 02-23-2009 4:56 PM by Chris Sullo
Filed under: worm, malware, XSS, JavaScript, input validation

XSS+phishing in Italian bank hack
Netcraft is reporting today about a phishing attack leveraging XSS against an Italian bank. From the article (emphasis mine) An extremely convincing phishing attack is using a cross-site scripting vulnerability on an Italian Bank's own website to...
Published 01-10-2008 11:43 AM by Billy
Filed under: XSS, phishing, hacked

SPI Labs advises avoiding iPhone feature
The Apple iPhone’s Safari web browser has a special feature that allows the user to dial any phone number displayed on a web page simply by tapping the number. SPI Labs has discovered that this feature can be exploited by attackers to perform various...
Published 07-16-2007 3:40 PM by Billy
Filed under: XSS, Safari, iPhone

Speaking at Shmoo
I’m really excited to be speaking at Shmoocon again and especially excited about my presentation this Saturday at 1pm. Javascript Malware for a Gray Goo Tomorrow focuses on the increased scope of damage caused by Cross-Site Scripting (XSS) vulnerabilities...
Published 03-22-2007 5:05 PM by Billy
Filed under: Ajax, conferences, XSS, JavaScript