PeopleTools version 8.49 suffers from a brute forcing vulnerability that bypasses the account lock-out mechanism.
1794832b45dbd92fd22d7dfa4a7894a3017ca74fc0a57e60ed4181884fae20ed
Oracle versions 8i, 9i, 10g Release 1, and 10g Release 2 suffer from an unauthenticated proxy vulnerability.
ec3cad539a775dde2997a1297f85c3d7574fae33267cd0c9794bbc00b97b00db
Brief whitepaper discussing the hacking of AJAX DWR applications.
6c5d8ba8ddbd21a85894c20cb3d5862246ff8206bb67d1314a13e58a171b8c3e
During the login process an Oracle user with no more than "create session" privileges can execute commands in the context of the special database user SYS. This of course grants any user the highest administrative privileges possible.
5654f5ca442c76e942e2de9a76a7f061f6bb9e8ac7882e58e3aaf46e84d49f71
Imperva's Application Defense Center has announced that several vulnerabilities exist in the Web Interface of Business Objects' Crystal Reports. These vulnerabilities allow a potential hacker to retrieve and delete any file from the file system of the server on which it runs, as well as to cause a complete denial of service to the server. Affected versions: Crystal Reports version 9 and 10, Crystal Enterprise version 9 and 10. Exploitation details included.
08653c6229ab236fa5b5c28b167c87d32b7d71b68342d06f9afedf0d1dc76728
A white paper from the Imperva Application Defense Center entitled 'SQL Injection Signature Evasion'. This paper discusses how protecting against SQL injection attacks using signatures is not enough.
03d6daf972705613464988cfa766093ecc5478c6bc77a3064f497d825b56093f