Top Five Web Application Vulnerabilities 3/1/10 - 3/14/10

1) HP Performance Insight Remote Command Execution Vulnerability


HP Performance Insight is susceptible to a remote code execution vulnerability. Remote attackers can execute arbitrary commands via vectors involving upload of a JSP document. A fix which resolves this issue has been released. Contact the vendor for additional information.


http://www.securityfocus.com/bid/38611


2) eGroupware Cross-Site Scripting and Remote Command Execution Vulnerabilities


eGroupware is susceptible to a Cross-Site Scripting vulnerability and a Remote Command Execution vulnerability. The remote command execution vulnerability can be exploited via an HTTP request, and can allow an attacker to execute arbitrary shell commands in the context of the web server process. If successful, Cross-Site Scripting can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. Updates which resolve these vulnerabilities have been released. Contact the vendor for more details.


http://www.securityfocus.com/bid/38609


3) Oracle Siebel 'loyalty_enu/start.swe' Cross-Site Scripting Vulnerability


Oracle Siebel is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage this to execute script code in the browsers of unsuspecting users in the context of the affected application, possibly leading to theft of authentication credentials and other attacks. As of this writing, a fix has not yet been released. Contact the vendor for further details.


http://www.securityfocus.com/bid/38456


4) IBM Lotus Domino 'readme.nsf' Cross-Site Scripting Vulnerability


IBM Lotus Domino is susceptible to a Cross-Site Scripting vulnerability. Theft of cookie-based authentication credentials is one of the main risks associated with a Cross-Site Scripting attack. Updates which resolve this issue have been released. Contact the vendor for additional details.


http://www.securityfocus.com/bid/38481


5) IBM ENOVIA SmarTeam 'LoginPage.aspx' Cross-Site Scripting Vulnerability


IBM ENOVIA SmarTeam is susceptible to a Cross-Site Scripting vulnerability. This can be exploited to execute code in the browser of an unsuspecting user and steal cookie-based authentication credentials. As of this writing, a fix has not yet been released. Contact the vendor for more information.


http://www.securityfocus.com/bid/38612

Comments
| ‎03-23-2010 04:36 AM

That is what I need, thank you very much!

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.