-
1) HP Power Manager Management Web Server Login Remote Code Execution Vulnerability HP Power Manager is susceptible to a remote code execution vulnerability via the login form of the web-based management web server due to improper bounds-checking of user-supplied data. Exploitation of this vulnerability can give an attacker the means to enact SYSTEM
-
HP is looking for a qualified Sr. Application Security Consultant that has deep Application Security experience. Consultant should have experience with performing Web Application Assessments, Network Penetration Testing, and be capable of manually exploiting/validating any vulnerabilities identified. In addition to being able to perform security testing
-
The HP Application Security Center has several presentations at the upcoming OWASP Global Summit in Washington, DC. Ryan English, Rafal Los, Dennis Hurst and Kim Dinerman will all be there. More information about the summit can be found here: OWASP Global Summit. Details concerning each of our presentations follow here: Dennis Hurst at OWASP “
-
1) TYPO3 Core Multiple Vulnerabilities TYPO3 is susceptible to multiple remote vulnerabilities including SQL-injection, Cross-Site Scripting, information disclosure, frame and session hijacking, and shell-command-execution issues. Each of these issues is exploitable via a browser, although some might require a valid backend login. If exploited, these
-
The American Recovery and Reinvestment Act of 2009 (aka the stimulus package) included funds to both implement electronic health records and rules to specifically improve personal health information breach notification rules. It’s ironic, then, that the rush to digitize personal health information didn’t include implementing security. A
-
1) Juniper Networks JUNOS J-Web Multiple Cross-Site Scripting And HTML Injection Vulnerabilities Juniper Networks JUNOS is susceptible to multiple Cross-Site Scripting and HTML Injection vulnerabilities. Successful exploitation of these vulnerabilities could be used to alter how the site appears, steal authentication credentials, or execute malicious
-
A new report this week from ITC reveals that eighty-five percent of IT security decision makers think that losing data via an external threat is "very unlikely." Wow. Once upon a time, anyone involved in application security had a need to educate potential customers on why application security was important. You remember. It's not the
-
The Independent Oracle Users Group (IOUG) just released a database security survey of their members. As we've recently seen a lot, budget pressures are once again leading to increased risks. Organizations know there is a problem, understand it's getting worse, yet don't have the budget or resources to fix it. For instance, database breaches
-
1) Novell GroupWise WebAccess Cross-Site Scripting Vulnerability Novell GroupWise WebAccess is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage this vulnerability to execute script code in the browser of an unsuspecting user in context of the affected application, possibly leading to theft of authentication credentials and
-
New studies have gone a long way in confirming that certain web application security trends are accelerating. The SANS Top Cyber Security Risks report reveals that a full 60% of Internet attacks are now conducted against web applications. It's no longer unpatched operating systems that provide attackers with their main point of entry. In fact, patches