HP Security Products Blog
From applications to infrastructure, enterprises and governments alike face a constant barrage of digital attacks designed to steal data, cripple networks, damage brands, and perform a host of other malicious intents. HP Enterprise Security Products offers products and services that help organizations meet the security demands of a rapidly changing and more dangerous world. HP ESP enables businesses and institutions to take a proactive approach to security that integrates information correlation, deep application analysis and network-level defense mechanisms—unifying the components of a complete security program and reducing risk across your enterprise. In this blog, we will announce the latest offerings from HP ESP, discuss current trends in vulnerability research and technology, reveal new HP ESP security initiatives and promote our upcoming appearances and speaking engagements.

Displaying articles for: November 2011

Top 10 Web Application Vulnerabilities October 2011

1) Novell XTier Framework HTTP Header Remote Integer Overflow Vulnerability

Novell XTier is susceptible to a remote Integer Overflow vulnerability caused by the application's failure to sanitize user-supplied input in an HTTP header. Successful exploitation would give an attacker the means to execute arbitrary code in the context of the vulnerable application; failed attempts would likely result in a denial-of-service condition. As of this writing, no fix has been released. Contact the vendor for further instruction.

http://www.securityfocus.com/bid/50363

2) Oracle Database SQL Injection Vulnerability

Oracle Database is susceptible to a SQL Injection vulnerability. Successful exploitation could give an attacker the means to access or modify back-end database contents or, in some circumstances, take control of the server hosting the database. Updates which resolve this vulnerability are available. Contact the vendor for additional information.

http://www.securityfocus.com/bid/50203

3) IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability

IBM WebSphere Application Server is susceptible to a Cross-Site Request Forgery vulnerability. Cross-Site Request Forgery relies on the victim's browser to deliver the attack: a link or script embedded in a page sends a request to a site the user has recently used, and because the browser attaches the user's existing session to that request, the site performs seemingly authorized yet malicious actions on the user's behalf. Updates which resolve this vulnerability are available. Contact the vendor for further details.

http://www.securityfocus.com/bid/43875

4) Multiple Cisco Products Directory Traversal Vulnerability

Multiple Cisco products are susceptible to a Directory Traversal vulnerability. Successful exploitation would give an attacker the means to write arbitrary files outside the current application directory. Updates which resolve these issues are available. Contact the vendor for additional details.

http://www.securityfocus.com/bid/50372

5) Novell Identity Manager 'apwaDetail' Multiple Cross-Site Scripting Vulnerabilities

Novell Identity Manager is susceptible to multiple Cross-Site Scripting vulnerabilities in its 'apwaDetail' component. If successfully exploited, Cross-Site Scripting can be used to manipulate or steal cookies, forge requests that are mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. Updates which resolve these issues are available. Contact the vendor for more information.

http://www.securityfocus.com/bid/49935

6) Cisco TelePresence Video Communication Server 'User-Agent' HTTP Header HTML Injection Vulnerability

Cisco TelePresence Video Communication Server is susceptible to an HTML Injection vulnerability via the 'User-Agent' HTTP header. HTML Injection adds attacker-controlled content to a web server's response, which can then be used to steal cookie-based authentication credentials, execute arbitrary script in the context of the site, or simply alter how the site appears. Updates which resolve this vulnerability are available. Contact the vendor for additional details.

http://www.securityfocus.com/bid/50084

7) Microsoft Forefront Unified Access Gateway Multiple Vulnerabilities

Microsoft Forefront Unified Access Gateway is susceptible to several vulnerabilities, including Cross-Site Scripting and HTTP Response Splitting. Cross-Site Scripting can be exploited to execute script in the browser of an unsuspecting user and steal cookie-based authentication credentials. HTTP Response Splitting, in which unsanitized input is written into an HTTP response header, can be used to influence how web content is served and interpreted. Updates which resolve these issues are available. Contact the vendor for additional information.

http://www.securityfocus.com/bid/49979
http://www.securityfocus.com/bid/49974

8) IBM WebSphere ILOG Rule Team Server Unspecified Cross-Site Scripting Vulnerability

IBM WebSphere ILOG Rule Team Server is susceptible to a Cross-Site Scripting vulnerability. If it is successfully exploited, arbitrary script code can be executed in the context of the affected site in the browsers of unsuspecting users. Updates which resolve this vulnerability are available. Contact the vendor for more details.

http://www.securityfocus.com/bid/50368

9) Supermicro IPMI Web Interface Multiple Security Bypass Vulnerabilities

The Supermicro IPMI web interface is susceptible to multiple security bypass vulnerabilities that, when exploited, can give an attacker unintended application access and the ability to perform unauthorized actions. As of this writing, a fix has not been released. Contact the vendor for further instruction.

http://www.securityfocus.com/bid/50097

10) Moodle Multiple Security Vulnerabilities

Moodle is susceptible to multiple remote vulnerabilities, including SQL Injection, Cross-Site Request Forgery, Cross-Site Scripting, information disclosure, and other data manipulation vulnerabilities. If exploited, these vulnerabilities could lead to the theft of confidential information and authentication credentials, execution of malicious scripts in the browsers of unsuspecting users, or abuse of the trust a web application places in a user. Updates which resolve these vulnerabilities are available. Contact the vendor for additional information.

http://www.securityfocus.com/bid/50283
