Top Five Web Application Vulnerabilities 11/10/08 - 11/30/08

1) IBM Lotus Web Content Management Unspecified Cross-Site Scripting Vulnerabilities

IBM Lotus Web Content Management is susceptible to multiple Cross-Site Scripting vulnerabilities. If exploited, these vulnerabilities could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. Updates which address these issues have been released. Contact the vendor for further information.

http://www.securityfocus.com/bid/32408

2) RSA enVision Platform Web Console Password Hash Remote Information Disclosure Vulnerability

RSA enVision Platform is susceptible to a password hash information disclosure vulnerability which may be exploited to reveal password hashes for web console users and aid in conducting further attacks. Fixes for this issue are available. Contact the vendor for further information.

http://www.securityfocus.com/bid/32473

3) Sun Java System Identity Manager Multiple Vulnerabilities

Sun Java System Identity Manager is susceptible to multiple vulnerabilities including Cross-Site Request Forgery, Cross-Site Scripting, HTML Injection, and directory traversal. Exploitation of these issues could lead to a complete compromise of the affected application. Fixes which address these issues have been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/32262

4) IBM Tivoli Netcool Service Quality Manager Cross-Site Scripting and HTML Injection Vulnerabilities

IBM Tivoli Netcool Service Quality Manager is susceptible to Cross-Site Scripting and HTML Injection vulnerabilities. Cross-Site Scripting could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user. HTML Injection can be used to add content into a web server's response, which can then be used to steal cookie-based authentication credentials, execute arbitrary code in the context of the site, or simply alter how the site appears. A fix has not yet been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/32233

5) Sun Java System Messaging Server Cross-Site Scripting Vulnerability

Sun Java System Messaging Server is susceptible to a Cross-Site Scripting vulnerability. This vulnerability can be exploited to execute code in the browser of an unsuspecting user and steal cookie-based authentication credentials. Fixes which address this issue have been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/32285


Posted 12-01-2008 8:20 PM by mark.painter