-
1) HP Power Manager Management Web Server Login Remote Code Execution Vulnerability: HP Power Manager is susceptible to a remote code execution vulnerability via the login form of the web-based management web server due to improper bounds-checking of user-supplied data. Exploitation of this vulnerability...
-
1) TYPO3 Core Multiple Vulnerabilities: TYPO3 is susceptible to multiple remote vulnerabilities including SQL-injection, Cross-Site Scripting, information disclosure, frame and session hijacking, and shell-command-execution issues. Each of these issues is exploitable via a browser, although some might...
-
1) Juniper Networks JUNOS J-Web Multiple Cross-Site Scripting And HTML Injection Vulnerabilities: Juniper Networks JUNOS is susceptible to multiple Cross-Site Scripting and HTML Injection vulnerabilities. Successful exploitation of these vulnerabilities could be used to alter how the site appears, steal...
-
1) Novell GroupWise WebAccess Cross-Site Scripting Vulnerability: Novell GroupWise WebAccess is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage this vulnerability to execute script code in the browser of an unsuspecting user in context of the affected application, possibly...
-
New studies have gone a long way in confirming that certain web application security trends are accelerating. The SANS Top Cyber Security Risks report reveals that a full 60% of Internet attacks are now conducted against web applications. It's no longer unpatched operating systems that provide attackers...
-
1) Ruby on Rails Form Helpers Unicode String Handling Cross-Site Scripting Vulnerability: Ruby on Rails is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage Cross-Site Scripting to execute script code in the browsers of unsuspecting users in context of the affected application...
-
1) Adobe Flex SDK 'index.template.html' Cross Site Scripting Vulnerability: Adobe Flex SDK is susceptible to a Cross-Site Scripting vulnerability. This can be exploited to execute code in the browser of an unsuspecting user and steal cookie-based authentication credentials in context of a web...
-
For nearly a decade, those of us in web security have been doing a disservice to ourselves and, more importantly, our customers. Like Pavlov, we've trained people to respond to certain stimuli. Rather than a bell, we've relied heavily on the alert() dialog box to prove our point--that cross-site...
-
1) Oracle Config Management Multiple SQL-injection Vulnerabilities: Oracle Config Management is susceptible to multiple SQL Injection vulnerabilities. SQL Injection can give an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system...
-
1) Hitachi Multiple Business Logic Products Unspecified Cross-Site Scripting Vulnerability: Multiple Hitachi Business Logic products are susceptible to a Cross-Site Scripting vulnerability. If successful, Cross-Site Scripting can be exploited to manipulate or steal cookies, create requests that can be...
-
1) Oracle Secure Enterprise Search 'search_p_groups' Parameter Cross-Site Scripting Vulnerability: Oracle Database is susceptible to a Cross-Site Scripting vulnerability that affects the Secure Enterprise Search component. If successful, Cross-Site Scripting can be exploited to manipulate or steal...
-
1) F5 Networks FirePass SSL VPN Unspecified Cross-Site Scripting Vulnerability: F5 Networks FirePass SSL VPN is susceptible to a Cross-Site Scripting vulnerability. If successful, Cross-Site Scripting can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a...
-
Security can be frustrating. It's even more frustrating when you know you have a possible mitigant for one of the more prevalent attacks (dating back to 2002) such as Cross-Site Scripting (XSS) and it takes years to implement this fix. Now, arguably, Cross-Site Scripting (XSS) is one of those attacks...