1) Cisco User-Changeable Password (UCP) 'CSuserCGI.exe' Multiple Remote Vulnerabilities
Cisco User-Changeable Password (UCP) is susceptible to multiple remote issues, including Cross-Site Scripting and buffer-overflow vulnerabilities. If successfully exploited, the buffer overflows can be used to execute code in the context of the affected application and possibly facilitate the compromise of the affected system. The Cross-Site Scripting vulnerability can be exploited to execute code in the browser of an unsuspecting user and steal cookie-based authentication credentials. These issues have been addressed in UCP 4.2. Contact the vendor for further details.
http://www.securityfocus.com/bid/28222/discuss
2) SAP Web Application Server '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting Vulnerability
SAP Web Application Server is susceptible to a Cross-Site Scripting vulnerability. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. This issue has reportedly been resolved. Contact the vendor for additional details.
http://www.securityfocus.com/bid/29317
3) IBM Lotus Domino Web Server Unspecified Cross-Site Scripting Vulnerability
IBM Lotus Domino Web Server is susceptible to a Cross-Site Scripting vulnerability. If successfully exploited, this vulnerability could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user. Fixes have been released. Contact the vendor for more details.
http://www.securityfocus.com/bid/29311
4) IBM Lotus Quickr WYSIWYG Editors Unspecified Cross-Site Scripting Vulnerability
IBM Lotus Quickr is susceptible to an unspecified Cross-Site Scripting vulnerability. Cross-Site Scripting is caused by insufficient filtration of user-supplied input and can be used to steal cookie-based authentication credentials and conduct other attacks. Fixes that address this issue have been released. Contact the vendor for additional information.
http://www.securityfocus.com/bid/29175
5) Cisco BBSM Captive Portal Cross-Site Scripting
Cisco BBSM (Building Broadband Service Manager) Captive Portal is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in the context of the affected application, possibly leading to theft of authentication credentials and other attacks. An update that addresses this issue has been released. Contact the vendor for more information.
http://www.securityfocus.com/bid/29191
Posted 06-04-2008 9:29 PM by mark.painter