CVE-2006-0584
https://notcve.org/view.php?id=CVE-2006-0584
The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 with a fixed DES key to store user passwords, which makes it easier for local users to guess passwords using a dictionary attack that compares output strings. La función PSCipher en PeopleSoft People Tools 8.4x usa PKCS #5 con una clave DES fija para almacenar contraseñas de usuarios, lo que hace fácil para un usuario local adivinar contraseñas con un ataque de diccionario. • http://www.osvdb.org/22952 http://www.securityfocus.com/archive/1/424086/100/0/threaded http://www.securityfocus.com/bid/16507 •
CVE-2004-2435
https://notcve.org/view.php?id=CVE-2004-2435
Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources Management System (HRMS) 7.0, when "web enabled" using HTML Access, allows remote attackers to inject arbitrary web script or HTML via unspecified (1) debugging or (2) utility scripts. • http://secunia.com/advisories/12674 http://www.auscert.org.au/render.html?it=4419 http://www.securityfocus.com/bid/11275 http://www.securitytracker.com/alerts/2004/Sep/1011433.html https://exchange.xforce.ibmcloud.com/vulnerabilities/17543 •
CVE-2003-0627
https://notcve.org/view.php?id=CVE-2003-0627
psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to cause a denial of service (application crash), possibly via the headername and footername arguments. • http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0042.html http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013652.html http://www.secunia.com/advisories/10225 http://www.securityfocus.com/bid/9038 https://exchange.xforce.ibmcloud.com/vulnerabilities/13754 •
CVE-2003-0950
https://notcve.org/view.php?id=CVE-2003-0950
PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file. PeopleSoft, PeopleTools, 8.1x, 8.2x, y 8.4x permite que atacantes remotos ejecuten comando arbitrarios subiendo un fichero al Servlet IClient, adivinando el nombre del directorio usado para el almacenar el fichero (no suficientemente aleatorio) y por tanto accediendo al fichero. • http://www.securityfocus.com/bid/9041 http://xforce.iss.net/xforce/alerts/id/157 https://exchange.xforce.ibmcloud.com/vulnerabilities/12805 •
CVE-2003-0628
https://notcve.org/view.php?id=CVE-2003-0628
PeopleSoft Gateway Administration servlet (gateway.administration) in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include (SSI) files via an HTTP request with an invalid value. PeopleSoft Gateway Administration servlet (gateway.administration) en PeopleTools 8.43 y anteriores permite a atacantes remotos obtener las rutas completas de ficheros incluidos en el servidor (server-side includes) mediante una petición HTTP con un valor no válido. • http://marc.info/?l=bugtraq&m=106874146204158&w=2 •