PeopleTools version 8.49 suffers from a brute forcing vulnerability that bypasses the account lock-out mechanism.
1794832b45dbd92fd22d7dfa4a7894a3017ca74fc0a57e60ed4181884fae20edOracle versions 8i, 9i, 10g Release 1, and 10g Release 2 suffer from an unauthenticated proxy vulnerability.
ec3cad539a775dde2997a1297f85c3d7574fae33267cd0c9794bbc00b97b00dbBrief whitepaper discussing the hacking of AJAX DWR applications.
6c5d8ba8ddbd21a85894c20cb3d5862246ff8206bb67d1314a13e58a171b8c3eDuring the login process an Oracle user with no more than "create session" privileges can execute commands in the context of the special database user SYS. This of course grants any user the highest administrative privileges possible.
5654f5ca442c76e942e2de9a76a7f061f6bb9e8ac7882e58e3aaf46e84d49f71Imperva's Application Defense Center has announced that several vulnerabilities exist in BusinessObject's Crystal Reports' Web Interface. These vulnerabilities allow a potential hacker to retrieve and delete any file from the file system of the server on which it runs, as well as causing a complete denial of service to the server. Affected versions: Crystal Reports version 9 and 10, Crystal Enterprise version 9 and 10. Exploitation details included.
08653c6229ab236fa5b5c28b167c87d32b7d71b68342d06f9afedf0d1dc76728A white paper from the Imperva Application Defense Center entitled 'SQL Injection Signature Evasion'. This paper discusses how protecting against SQL injection attacks using signatures is not enough.
03d6daf972705613464988cfa766093ecc5478c6bc77a3064f497d825b56093f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed