Browse by Tags - HP Application Security Center Community

Browse by Tags


» Top Five Web Application Vulnerabilities 9/2/08 - 9/14/08

1) Joomla! Multiple Remote Vulnerabilities and Weaknesses Joomla! is susceptible to multiple remote vulnerabilities which are exploitable via a browser. Remote attackers can leverage these issues to conduct phishing attacks, redirect victims to attacker-controlled sites, and send unsolicited spam. Other...
Posted to Top Web Vulnerabilities (Weblog) by mark.painter on 09-15-2008

» Top Five Web Application Vulnerabilities 8/18/08 - 9/1/08

1) Novell Forum TCL Command Injection Vulnerability Novell Forum is susceptible to a command injection vulnerability. Remote attackers can exploit this vulnerability via URL modification to execute TCL commands, possibly leading to compromise of the application and underlying web server. A fix has been...
Posted to Top Web Vulnerabilities (Weblog) by mark.painter on 09-04-2008

» Top Five Web Application Vulnerabilities 7/21/08 - 8/03/08

1) Sun Java System Web Server 7.0 Plugin for Sun N1SPS Remote Authentication Bypass Vulnerability Sun Java System Web Server 7.0 plugin for Sun N1 Service Provisioning System (N1SPS) is susceptible to a remote authentication bypass vulnerability. An attacker who leverages this vulnerability could gain...
Posted to Top Web Vulnerabilities (Weblog) by mark.painter on 08-04-2008

» Top Five Web Application Vulnerabilities 7/7/08 - 7/20/08

1) Microsoft Outlook Web Access for Exchange Server Email Field Cross-Site Scripting Vulnerability Microsoft Outlook Web Access (OWA) for Exchange Server is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage this issue to execute script code in the browsers of unsuspecting...
Posted to Top Web Vulnerabilities (Weblog) by mark.painter on 07-21-2008

» Top Five Web Application Vulnerabilities 6/23/08 - 7/06/08

1) Novell Groupwise WebAccess Simple Interface Cross-Site Scripting Novell Groupwise WebAccess is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in context of the affected application, possibly leading...
Posted to Top Web Vulnerabilities (Weblog) by mark.painter on 07-07-2008

» Top Five Web Application Vulnerabilities 6/09/08 - 6/22/08

1) IBM Workplace Unspecified Cross-Site Scripting Vulnerability IBM Workplace for Business Controls and Reporting and IBM Workplace Web Content Management are susceptible to an unspecified instance of Cross-Site Scripting. An attacker can leverage this issue to execute script code in the browsers of...
Posted to Top Web Vulnerabilities (Weblog) by mark.painter on 06-23-2008

» Top Five Web Application Vulnerabilities 5/26/08 - 6/08/08

1) Apache Tomcat Host Manager Cross-Site Scripting Vulnerability Apache Tomcat Host Manager is susceptible to Cross-Site Scripting. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. A fix is available...
Posted to Top Web Vulnerabilities (Weblog) by mark.painter on 06-10-2008

» Top Five Web Application Vulnerabilities 5/12/08 - 5/25/08

1) Cisco User-Changeable Password (UCP) 'CSuserCGI.exe' Multiple Remote Vulnerabilities Cisco User-Changeable Password (UCP) is susceptible to multiple remote issues including Cross-Site Scripting and buffer-overflow vulnerabilities. If successfully exploited, the buffer overflows can be utilized...
Posted to Top Web Vulnerabilities (Weblog) by mark.painter on 06-04-2008

» XSS+phishing in Italian bank hack

Netcraft is reporting today about a phishing attack leveraging XSS against an Italian bank. From the article (emphasis mine) An extremely convincing phishing attack is using a cross-site scripting vulnerability on an Italian Bank's own website to attempt to steal customers' bank account details...
Posted to The HP Security Laboratory (Weblog) by Billy on 01-10-2008

» SPI Labs advises avoiding iPhone feature

The Apple iPhone’s Safari web browser has a special feature that allows the user to dial any phone number displayed on a web page simply by tapping the number. SPI Labs has discovered that this feature can be exploited by attackers to perform various attacks, including: Redirecting phone calls...
Posted to The HP Security Laboratory (Weblog) by Billy on 07-16-2007