Peopletools@8.42 Security Vulnerabilities and Issues — Peopletools@8.42 CVE List

Lucene search

PeoplesoftPeopletools8.42

6 matches found

CVE•added 2003/12/15 5:0 a.m.•41 views

CVE-2003-0629

Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environment for PeopleTools 8.43 and earlier allows remote attackers to insert arbitrary web script via a certain HTTP request to IScript.

4.3CVSS5.9AI score0.00314EPSS

CVE•added 2006/02/08 1:2 a.m.•37 views

CVE-2006-0584

The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 with a fixed DES key to store user passwords, which makes it easier for local users to guess passwords using a dictionary attack that compares output strings.

2.1CVSS6.3AI score0.0007EPSS

CVE•added 2003/12/15 5:0 a.m.•34 views

CVE-2003-0950

PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file.

7.5CVSS8AI score0.00982EPSS

CVE•added 2005/04/14 4:0 a.m.•31 views

CVE-2003-0626

psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to read arbitrary files via the (1) headername or (2) footername arguments.

5CVSS6.8AI score0.00763EPSS

CVE•added 2005/04/14 4:0 a.m.•29 views

CVE-2003-0627

psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to cause a denial of service (application crash), possibly via the headername and footername arguments.

5CVSS6.8AI score0.00911EPSS

CVE•added 2003/12/15 5:0 a.m.•29 views

CVE-2003-0628

PeopleSoft Gateway Administration servlet (gateway.administration) in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include (SSI) files via an HTTP request with an invalid value.

5CVSS6.7AI score0.00497EPSS