Description
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials.
Remediation
References
Related Vulnerabilities
WordPress Plugin FV Flowplayer Video Player Cross-Site Request Forgery (7.5.30.7210)
Drupal Incorrect Default Permissions Vulnerability (CVE-2020-13667)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4304)
WordPress Plugin Custom Search by BestWebSoft Cross-Site Scripting (1.35)
ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-5954)