PT-2026-34075

Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft component: Employee Snapshot. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...

CVE-2021-2404

Vulnerability in the PeopleSoft Enterprise HCM Candidate Gateway product of Oracle PeopleSoft component: e-mail notification. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

Oracle Integration Gateway File Upload Vulnerability

Exploit for windows platform in category web applications 1. ADVISORY INFORMATION Title: File Upload in Integration Gateway PSIGW Advisory ID: ERPSCAN-17-039 Advisory URL: https://erpscan.com/advisories/erpscan-17-039-file-upload-integration-gateway-psigw-peoplesoft/ Risk: High Date published:...

Oracle PeopleSoft ToolsRelease 8.55.03 / ToolsReleaseDB 8.55 / HCM 9.2 XSS Vulnerabilities

PeopleSoft ToolsRelease version 8.55.03, ToolsReleaseDB version 8.55, and HCM version 9.2 suffer from a TestServlet cross site scripting vulnerability. 1. ADVISORY INFORMATION Title: Multiple XSS POST request Vulnerabilities in TestServlet PeopleSoft Advisory ID: ERPSCAN-17-037 Advisory URL:...

Oracle PeopleSoft - Server-Side Request Forgery Vulnerability

Exploit for java platform in category web applications Application: Oracle PeopleSoft Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2 Vendor URL: http://oracle.com Bugs: SSRF Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017...

Oracle PeopleSoft - Server-Side Request Forgery

Oracle PeopleSoft - Server-Side Request Forgery Application: Oracle PeopleSoft Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2 Vendor URL: http://oracle.com Bugs: SSRF Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference...

Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE

Application: Oracle PeopleSoft Versions Affected: PeopleSoft HCM 9.2 on PeopleTools 8.55 Vendor URL: http://oracle.com Bug: XXE Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Author: Nadya Krivdyuk ERPScan Description 1...

Oracle PeopleSoft HCM 9.2 XXE Injection

Application: Oracle PeopleSoft Versions Affected: PeopleSoft HCM 9.2 on PeopleTools 8.55 Vendor URL: http://oracle.com Bug: XXE Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Author: Nadya Krivdyuk ERPScan Description 1...

Oracle PeopleSoft HCM 9.2 XXE Injection Vulnerability

Exploit for windows platform in category remote exploits Application: Oracle PeopleSoft Versions Affected: PeopleSoft HCM 9.2 on PeopleTools 8.55 Vendor URL: http://oracle.com Bug: XXE Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April...

Directory Traversal Vulnerability in Integration Gateway (PSIGW)

Application: Oracle PeopleSoft Versions Affected: PeopleTools 8.54, 8.55 Vendor: Oracle Bugs: Directory Traversal Reported: 27.03.2017 Vendor response: 28.03.2017 Date of Public Advisory: 18.07.2017 Reference: Oracle CPU July 2017 Authors: Roman Shalymov ERPScan VULNERABILITY INFORMATION Class:...

Oracle PeopleSoft HCM 9.2 Cross Site Scripting Vulnerability

Exploit for windows platform in category local exploits Application: Oracle PeopleSoft Vendor: Oracle Bugs: XXS Reported: 31.10.2016 Vendor response: 1.11.2016 Date of Public Advisory: 17.01.2017 Reference: Oracle CPU Jan 2017 Authors: Vahagn Vardanyan, Dmitry Yudin 1. ADVISORY INFORMATION Title:...

SSRF in PeopleSoft IMServlet

Application: Oracle PeopleSoft Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2 Vendor: Oracle Bugs: SSRF Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Authors: Roman Shalymov ERPScan...