HP Security Products Blog
From applications to infrastructure, enterprises and governments alike face a constant barrage of digital attacks designed to steal data, cripple networks, damage brands, and perform a host of other malicious intents. HP Enterprise Security Products offers products and services that help organizations meet the security demands of a rapidly changing and more dangerous world. HP ESP enables businesses and institutions to take a proactive approach to security that integrates information correlation, deep application analysis and network-level defense mechanisms—unifying the components of a complete security program and reducing risk across your enterprise. In this blog, we will announce the latest offerings from HP ESP, discuss current trends in vulnerability research and technology, reveal new HP ESP security initiatives and promote our upcoming appearances and speaking engagements.

Top Five Web Application Vulnerabilities 9/14/09 - 9/27/09

1) Novell GroupWise WebAccess Cross-Site Scripting Vulnerability


Novell GroupWise WebAccess is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage this vulnerability to execute script code in the browser of an unsuspecting user in context of the affected application, possibly leading to theft of authentication credentials and other attacks. Updates which resolve this issue have been released. Contact the vendor for additional information.


http://www.securityfocus.com/bid/36437


2) IBM Lotus Quickr Multiple HTML Injection Vulnerabilities


IBM Lotus Quickr is susceptible to multiple HTML Injection vulnerabilities. HTML Injection is used to add content into a web server’s response, which can then be used to steal cookie-based authentication credentials, execute arbitrary code in context of the site, or simply alter how the site appears. Fixes which address these vulnerabilities are available. Contact the vendor for more details.


http://www.securityfocus.com/bid/36527


3) IBM WebSphere Application Server Eclipse Help Cross-Site Scripting Vulnerability


IBM WebSphere Application Server (WAS) is susceptible to a Cross-Site Scripting vulnerability. If successful, Cross-Site Scripting can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. Updates which resolve this vulnerability have been released. Contact the vendor for further information.


http://www.securityfocus.com/bid/36455


4) OSSIM SQL Injection, Cross Site Scripting and Unauthorized Access Vulnerabilities


OSSIM is vulnerable to multiple vulnerabilities including SQL Injection, Cross-Site Scripting, and unauthorized access. If exploited, these vulnerabilities could lead to compromise of the application, the theft of confidential information and authentication credentials, or be utilized in conducting additional database attacks. Updates which resolve these issues are available. Updates which resolve these issues are available. Contact the vendor for additional details.


http://www.securityfocus.com/bid/36504


5) IBM Lotus Connections 'simpleSearch.do' Cross-Site Scripting Vulnerability


IBM Lotus Connections is susceptible to a Cross-Site Scripting vulnerability. This can be exploited to execute code in the browser of an unsuspecting user and steal cookie-based authentication credentials. Updates which resolve this issue are available. Contact the vendor for more information.


http://www.securityfocus.com/bid/36513

Search
Showing results for 
Search instead for 
Do you mean 
About the Author(s)
HP Blog

HP Software Solutions Blog

Featured


Follow Us
Labels
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.