Top Five Web Application Vulnerabilities 10/12/09 - 10/25/09

1) TYPO3 Core Multiple Vulnerabilities


TYPO3 is susceptible to multiple remote vulnerabilities including SQL-injection, Cross-Site Scripting, information disclosure, frame and session hijacking, and shell-command-execution issues. Each of these issues is exploitable via a browser, although some might require a valid backend login. If exploited, these vulnerabilities could lead to a complete compromise of the application, the theft of confidential information and authentication credentials, hijacked user sessions, or execution of arbitrary commands in context of the web server process. Updates which resolve these issues are available. Contact the vendor for additional details.


http://www.securityfocus.com/bid/36801


2) IBM Rational RequisitePro ReqWebHelp Multiple Cross-Site Scripting Vulnerabilities


IBM Rational RequisitePro is susceptible to multiple Cross-Site Scripting vulnerabilities. If successful, Cross-Site Scripting can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. An advisory and updates which address these issues are available. Contact the vendor for more information.


http://www.securityfocus.com/bid/36721


3) Websense Email Security Cross-Site Scripting and HTML Injection Vulnerabilities


Websense Email Security is susceptible to Cross-Site Scripting and HTML Injection vulnerabilities. Successful exploitation of these issues could be used to alter how the site appears, steal authentication credentials, or execute malicious scripts in the browsers of unsuspecting users. Updates which resolve these issues are available. Contact the vendor for further details.


http://www.securityfocus.com/bid/36741


4) Achievo Multiple Vulnerabilities


Achievo is susceptible to multiple vulnerabilities including Cross-Site Scripting, SQL Injection, and HTML Injection. Successful exploitation of these issues could be used to give an attacker the means to access or modify backend database contents, alter how the site appears, steal authentication credentials, or execute malicious scripts in the browsers of unsuspecting users. Updates which resolve these issues are available. Contact the vendor for additional information.


http://www.securityfocus.com/bid/36661
http://www.securityfocus.com/bid/36660


5) NaviCOPA Source Code Information Disclosure Vulnerability


NaviCOPA is susceptible to a source code information disclosure vulnerability. An attacker can leverage this vulnerability to retrieve certain files from the affected system in context of the web server process. A fix has not yet been released. Contact the vendor for more details.


http://www.securityfocus.com/bid/36705

Comments
(anon) | ‎10-27-2009 11:06 AM

This post was mentioned on Twitter by HP_AppSecurity: Top Five Web Application Vulnerabilities 10/12/09 - 10/25/09: http://bit.ly/2KWTyV #security #web

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Featured


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.