Top Five Web Application Vulnerabilities 2/2/09 - 2/16/09

1) Cisco IOS HTTP Server Multiple Cross-Site Scripting Vulnerabilities

Cisco IOS HTTP Server is susceptible to multiple instances of Cross-Site Scripting. Cross-Site Scripting occurs when dynamically generated web pages display user input, such as login information, that is not properly validated, allowing an attacker to embed malicious scripts into the generated page; the script then executes in the browser of any user who views the site. A fix has not yet been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/33625

2) Novell QuickFinder Server Multiple Cross-Site Scripting Vulnerabilities

Novell QuickFinder Server is susceptible to multiple instances of Cross-Site Scripting. These vulnerabilities can be exploited to execute code in the browser of an unsuspecting user and steal cookie-based authentication credentials. A fix has not yet been released. Contact the vendor for further details.

http://www.securityfocus.com/bid/33708

3) Bugzilla HTML Injection and Cross-Site Request Forgery Vulnerabilities

Bugzilla is susceptible to multiple vulnerabilities including HTML Injection and Cross-Site Request Forgery. HTML Injection can be leveraged to add content into a web server's response, which can then be used to steal cookie-based authentication credentials, execute arbitrary code in the context of the site, or simply alter how the site appears. Cross-Site Request Forgery can give an attacker the means to perform arbitrary actions in the context of an authenticated user. Updates which address these issues have been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/33580

4) HP Multiple LaserJet Printers Unspecified Directory Traversal Vulnerability

Multiple HP LaserJet printers are susceptible to a directory traversal vulnerability. Successful exploitation would give a remote attacker the means to view arbitrary local files within the context of the web server. Updates which resolve this issue have been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/33611

5) Typo3 Cross-Site Scripting and Information Disclosure

Typo3 is susceptible to multiple vulnerabilities including Cross-Site Scripting and an instance of information disclosure. An attacker can leverage Cross-Site Scripting to execute script code in the browsers of unsuspecting users in the context of the affected application, possibly leading to theft of authentication credentials and other attacks. The information disclosure vulnerability can be exploited to reveal sensitive information. An update which resolves these issues has been released. Contact the vendor for further information.

http://www.securityfocus.com/bid/33714

Posted 02-17-2009 9:30 PM by mark.painter