Top Five Web Application Vulnerabilities 6/23/08 - 7/06/08 - Top Web Vulnerabilities -
Sign in
|
Join
|
Help
SHOP PRODUCTS & SERVICES
EXPLORE & CREATE
CONNECT WITH OTHERS
SUPPORT & DRIVERS
COMMUNITY HOME
HP BLOGS
APP SECURITY BLOGS
APP SECURITY FORUMS
Top Web Vulnerabilities
»
Top Five Web Application Vulnerabilities 6/23/08 - 7/06/08
Top Five Web Application Vulnerabilities 6/23/08 - 7/06/08
Top Web Vulnerabilities
Home
Contact
Syndication
RSS for Posts
Atom
RSS for Comments
Recent Posts
The Top Five is moving...
Top Five Web Application Vulnerabilities 3/22/09 - 4/12/09
Top Five Web Application Vulnerabilities 3/2/2009 - 3/21/2009
Top Five Web Application Vulnerabilities 2/17/09 - 3/1/09
Top Five Web Application Vulnerabilities 2/2/09 - 2/16/09
Archives
April 2009 (2)
March 2009 (2)
February 2009 (2)
January 2009 (2)
December 2008 (2)
November 2008 (1)
October 2008 (2)
September 2008 (3)
August 2008 (2)
July 2008 (2)
June 2008 (3)
May 2008 (1)
April 2008 (3)
March 2008 (2)
February 2008 (2)
August 2007 (1)
July 2007 (3)
June 2007 (2)
May 2007 (2)
April 2007 (2)
March 2007 (2)
February 2007 (2)
1) Novell Groupwise WebAccess Simple Interface Cross-Site Scripting
Novell Groupwise WebAccess is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in context of the affected application, possibly leading to theft of authentication credentials and other attacks. A patch which addresses this issue has been released. Contact the vendor for additional details.
http://secunia.com/advisories/30839
2)
HP System Management Homepage (SMH) for Linux and Windows Cross-Site Scripting Vulnerability
HP System Management Homepage (SMH) is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in context of the affected application, possibly leading to theft of authentication credentials and other attacks. Fixes which address this issue have been released. Contact the vendor for further details.
http://www.securityfocus.com/bid/30029
3) phpMyAdmin Cross-Site Scripting Vulnerabilities
phpMyAdmin is susceptible to multiple Cross-Site Scripting vulnerabilities. If successfully exploited, these vulnerabilities could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user.
A fix for these issues has been released. Contact the vendor for more information.
http://secunia.com/advisories/30813
4) Drupal Taxonomy Autotagger SQL Injection and Script Insertion
The Taxonomy Autotagger module for Drupal is susceptible to SQL Injection and Cross-Site Scripting vulnerabilities. If exploited, these vulnerabilities could lead to compromise of the application, the theft of confidential information and authentication credentials, or be utilized in conducting additional database attacks.
A fix for these issues has been released. Contact the vendor for further details.
http://secunia.com/advisories/30933
5)
Academic Web Tools SQL Injection and Cross-Site Scripting
Academic Web Tools is susceptible to SQL Injection and Cross-Site Scripting attacks.
SQL Injection can allow an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system. The Cross-Site Scripting vulnerability can be exploited to execute code in the browser of an unsuspecting user and steal cookie-based authentication credentials. Fixes which address these issues have not yet been released. Contact the vendor for more details.
http://secunia.com/advisories/30763
Posted
07-07-2008 8:43 PM
by
mark.painter
Privacy Statement