Microsoft Exchange Server Improperly Manages User Sessions Vulnerability

Microsoft Exchange Server is an enterprise-class mail service program. A security vulnerability exists in Microsoft Exchange Server that allows a remote attacker to exploit the vulnerability to submit a special request to access the application in another user's context...

PT-2013-06: Current User Context Access in Oracle Siebel CRM

The specialists of the Positive Research center have detected a Current User Context Access vulnerability in Oracle Siebel CRM. An attacker is able to access the system and operate in the name of aby user. The attacker can get context bruteforcing certain cookie values. All systems with hard-code...