DB links security bug?

Similar Messages

• Ongoing fatal crash and security bug related to connecting external display

  The infrastructures in OS X to resume from sleep, to authenticate, and to change displays is fundamentally not working.
  The security bug I have encountered has to do with connecting a cinema display exclusively to a MacBook Pro. This is a specific situation, but please note that I have experienced the same problem on no fewer than three independent laptop. Plus, the Genius in the Apple Retail Store was convinced of the general instability of this infrastructure. The security problem is that hot corners no longer function if I transition between two states in the same reboot. The first state is where I have the laptop powered on and using its own internal display exclusively (when I'm on the road). The second state is when I have the laptop displaying its output exclusively on an external display (when I'm at home). What happens is that an attempt to use hot corners fails. There is no response. I even added configuration on all four corners (whereas I originally had settings only for the rightmost corners), and even then, the hot corner action (of sleeping the display or entering locked screen saver mode) does not commence. This prevents the user from being able to secure the display on demand using standard methods that are supposed to work.
  The instability level related to connecting the external display exclusively is high. Again, I've experienced this on no fewer than three independent laptops, and the Apple Genius at the Retail Store confirmed that this aspect of OS X did not work consistently. When I want to connect the cinema display to the laptop in such a way that the laptop's own display is not part of the active screen, the process I use succeeds about half the time. Supposing I have been on the road, where I am using the laptop display exclusively. I then put the laptop to sleep. When I return home with the lid open, I connect first the USB (power) from the cinema display to the laptop, and then I connect the Mini DisplayPort. When that step works, what happens is that the login screen shows on the cinema display despite the fact that my laptop lid is closed. This is good, and is what I want. At that point, I open the laptop lid and quickly log in.
  With Apple being a mobile device company, I rely on the laptop for tasks that one traditionally may use a desktop for. This simply points to the versatility of the laptop. But I'd like the bugs resolved, so that I do not have to hesitate to make use of the inherent flexibility possible with the MacBook Pro.
  Here's what happens when the process (of connecting the external display in a way that establishes itself as the only screen in use by OS X) fails. Firstly, when I connect the external display via Mini DisplayPort, the laptop doesn't even respond. Instead, it remains asleep. So to work around it I have to repeatedly disconnect and reconnect the Mini DisplayPort so that the asleep MacBook Pro will see that there is a display connected to it. Also, sometimes that isn't even enough and I have to open the laptop lid, and put it to sleep again so as to trigger whatever actions are necessary to recognise the external display (presumably by having the laptop recently awake). Around half the time, I have to play this game of disconnecting and reconnecting until it actually works. This high level of reproducibility (confirmed by the Apple Genius representative's confidence that this part of the system doesn't actually work) should make it easy for an engineer to look into the problem.
  Fatally, and recently, OS X has completely crashed when I have attempted to connect the external display. The external display has gone completely blue, and after a half a minute, it blanked out and my entire laptop became unresponsive. I called Apple Support and was given a case number. I also took the laptop into the retail store to see if I could recover my current session without rebooting. There was no process suggested to make that happen and I was told to reboot the machine. I've had this happen before on other laptops, and it is frustrating that the kernel reaches such a state that it cannot be used. As I see it, this problem is not too unrelated to the way that I need to play a game in order to get the external display connected exclusively. Here are some workarounds that could be added:
  Firstly, whenever I connect an external display, I'd like the laptop to see that this has happened, and to take action accordingly (such as resuming from sleep). Secondly, If I connect an external keyboard, and press a key on it, I'd like this to wake the laptop too (in the event that the first method fails for some unforeseen reason). I'd also like the connection of the cinema display's USB power not to cause the laptop to enter into a confused state between asleep and awake. Sometimes I need to disconnect and reconnect USB power in order to trigger the laptop into waking, but that's only because it's not doing it on its own properly. On the other hand, I also ensure that the laptop doesn't have the Mini DisplayPort connected without also having the cinema display USB power connected, because that also is an unsupported configuration.
  I've also gotten the laptop to become confused about whether it is asleep or awake. When I open the lid, it seems to enter into sleep mode, but closing it seems to bring it into an active state.
  Also, I've successfully logged on and authenticated with the screen showing exclusively on the external display. But just ten seconds after I start using the system, the laptop falls asleep--with the lid open! Whatever triggers that action doesn't seem to be on track. The laptop is open, there are incoming events such as mouse movements and key presses, and the external display is on and is in use. And then the laptop falls asleep! This has happened numerous times. Not only should this not happen; the instances where it does happen can cause further instability and put my system at risk of fatally crashing.
  Also, the authentication system itself is highly buggy--far more than it should be. At times I have opened the laptop lid and caught a glimpse of a window before I have begun the login process. Also, an external authentication application that asks for Kerberos/AFS login credentials has been able to overlay itself on top of the primary authentication (whereas I should only see a single login dialog when I need to authenticate to the system). Also, I've had several of these authentication screens overlay on top of one another, although it's been months since I've experienced that one (so it may have been fixed). Also, around a third of the time, the window that authenticates me (on the black background) somehow transfers itself into the background (even though there's only one window!). What that means is what I begin to type my password, and now the laptop starts beeping at me and I need to manually click on the password field and begin entering my password again. This really shouldn't happen, and indicates too much complexity in this authentication process (such as, more OS X code is involved than is strictly necessary, which is likely to make the authentication system more difficult to test). Also, at times, I have been using too much CPU, such that the authentication screen takes too long to emerge. That also means that I'm not able to logon until I uncleanly shutdown the laptop. If the laptop has been asleep, and is revived in preparation for login, then that login screen should be given highest priority, even if there are other heavy CPU or I/O intensive tasks running in the background. And maybe the login dialog shouldn't disappear when the user is legitimately attempting to log in. So even if there is a possibility that the system is under heavy resource use (or there is a stall or minor deadlock), it shouldn't prevent the user from logging in altogether.
  At the moment, the very fact that the system shut down uncleanly means that the full disk encryption suite that I used has entered into an undetermined state, suggesting I may lose access to all my data. It's my hope that I can rely on Apple's products to interoperate in a way that won't cause me to be fearful and restrictive in my use, so that I can freely connect an external display at times, and at other times carry the laptop on the road.

  Ive got the same problem with Samsung UE225010 monitor too, its full hd but it looks terrible, could it be Displayport adapter issue, because couple month ago Ive tryed with some IPS display, and it looked same bad.

• Is this a security bug in Windows 8.1?

  I think I have discovered a serious security bug in Windows 8.1.
  Today I was using my (non-Admin) user account and with Internet Explorer I saved a file in the default Downloads folder (under This PC). The file was saved, but when I went to that folder, the file was not there! Now, I was about to downloaded
  it again, using IE, same as before, when I noticed in the Save dialog box that the file had indeed been downloaded, and that it was there, in the Downloads folder under This PC. Frustrated, I went to that very folder, but the file was nowhere
  to be found. I was really puzzled.
  Then, by chance, while logged in another account (namely the Admin account), I happened to go to the Downloads folder, and there was the file that I had downloaded using the other account.
  Obviously, what I described above represents a security problem: firstly because my private files may get saved by mistake into another person's account without me even realizing it, and secondly because I was able to access another person account
  (i.e. the Admin account) via the IE's Save dialog box, seeing the list of the files there, and possibly even accessing them (I have not tried the latter, though).
  Has anyone experienced anything like the situation I described?
  I must also say that I later tried to replicate this abnormal behavior, but for some unknown reason I couldn't. Anyway, I am sure that what I described above is an accurate account of how things went.

  Hi,
  Since I cannot repro your issue on my own computer, it cannot be a bug.
  I suggest we try to use another user account to see if there is the same issue happened.
  Please make sure your location of download folder is right:
  Right click Downloads folder, and choose Properties.
  Make sure the location is right under your user profile.
  If not, please click Location and click Restore default.
  If we still fail to solve you issue, please run Process monitor at the end of the downloading process to capture the actions, and upload the save log here for further research.
  You can also check if there is any weird actions at the end of downloading process.
  Process Monitor v3.05
  http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
  How to use, please refer to this article:
  Using Process Monitor to capture system events
  http://www.sophos.com/en-us/support/knowledgebase/119038.aspx
  Keep post.
  Kate Li
  TechNet Community Support

• Another security bug??

  All,
  I am running Weblogic with SP3. In my web application configured to use
  form-based authentication. In the web.xml file I have:
  <servlet>
  <servlet-name>InfIIPSchedulerServlet</servlet-name>
  <servlet-class>examples.servlets.InfIIPSchedulerServlet</servlet-class>
  <load-on-startup>2</load-on-startup>
  </servlet>
  <servlet-mapping>
  <servlet-name>InfIIPSchedulerServlet</servlet-name>
  <url-pattern>InfIIPSchedulerServlet</url-pattern>
  </servlet-mapping>
  <servlet-name>InfIIPSchedulerServlet</servlet-name>
  <url-pattern>jsp/InfIIPSchedulerServlet</url-pattern>
  </servlet-mapping>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>iip</web-resource-name>
  <description>Informatica Information Platform (IIP)</description>
  <url-pattern>/jsp/*</url-pattern>
  </web-resource-collection>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  </login-config>
  public class InfIIPSchedulerServlet {
  public void service(HttpServletRequest req, HttpServletResponse res)
  throws ServletException, IOException
  HttpSession session = req.getSession(false);
  res.setContentType("text/plain");
  ServletOutputStream out = res.getOutputStream();
  try {
  if (session == null) {
  out.println("Session is null");
  } else {
  out.println("Session is " + session.toString());
  InfIIPSession ss =
  (InfIIPSession)session.getAttribute(com.informatica.viewer.util.InfHttpSessi
  onNames.USER_IIPSESSION );
  Context context = ss.getContext();
  out.println("<BR>Remote user is ");
  out.println(req.getRemoteUser());
  out.println("<BR>Principal is ");
  out.println(req.getUserPrincipal().getName());
  out.println("<BR>Principal in Context is ");
  out.println((String)context.getEnvironment().get(Context.SECURITY_PRINCIPAL)
  } catch (NamingException ne) {
  throw new ServletException(ne.getMessage());
  After loged in successfully, a welcome page came up. I got the following
  output when invoking the servlet with url
  http://localhost:7001/iip/InfIIPSchedulerServlet
  Session is weblogic.servlet.internal.session.MemorySession@69abf940
  <BR>Remote user is
  dtseng
  <BR>Principal is
  guest
  <BR>Principal in Context is
  dtseng
  With url http://localhost:7001/iip/jsp/InfIIPSchedulerServlet the output
  become
  Session is weblogic.servlet.internal.session.MemorySession@69abf940
  <BR>Remote user is
  dtseng
  <BR>Principal is
  dtseng
  <BR>Principal in Context is
  dtseng
  The difference is that the first url is not a protected resource, while
  the second is. Why req.getUserPrincipal().getName() returns different values
  depending on the context in which is is executed? Is this a security bug?

  I would like to see this feature of the phone given a significant overhaul. Instead of just displaying the dail pad, I'd like to have the choice of programming in certain numbers which could offered for dialing in place of the dial pad being shown for the Emergency call feature. Perhaps upto 10 numbers could be programmed in, so you could add the emergency numbers for your area and any other numbers you think would be useful. Of course, this should be optional so that the user has the choice of only allowing calls to the pre-registered numbers, the display of the numpad or both.
  That way, everyone would be happy, no?

• Security BUG in the web container!

  Hello,
  I have just accidently discovered a security BUG in the web container. The bug permits you to view the source of the JSP page (welcome page).
  To reproduce the bug, do the following:
  1. Create a web application. Create new page with name Index.jsp. Add "Index.jsp" into the web.xml as a welcome file.
  2. Deploy it under, let's say, "SecurityBugWebApp".
  3. Access http://host/SecurityBugWebApp/ or http://host/SecurityBugWebApp/Index.jsp - everything should be as usual - you should see a normal output of a JSP page.
  4. Access http://host/SecurityBugWebApp/Index.JSP (notice the case of the ".JSP" ). You should be able to see the source code of the web page. This bug even works if it is under security constraint! This doesn't seem to work, however, with JSPs not listed in the welcome file list.
  Sincerely,
  Sergei Batiuk.

  Peter,
  Thank you for your suggestion. This makes sense to
  try. I'm actually using a trial license of AS7 with
  no updates. I've found update 1 online with free
  trial, however, do you know if AS7 update 2 is
  available with a trial license and where it might be
  located for download?
  you can get AS7 update2 Platform edition from here.
  Platform ed. is FREE for both development and production deployment
  http://wwws.sun.com/software/download/products/3fb01655.html
  AS7 update2 Standard Edition can be downloaded from here.
  Standard Ed is free only for development, you need to buy a license to use it in production.
  http://wwws.sun.com/software/download/products/3f7df408.html
  Peter

• Security bug in 7.0.2 on 5s

  Hi
  I think ios 7.0.2 for iphone5s has a security bug! as you can see in this two videoes , my
  iphone has password but i can open my iphone with siri & use it with out asking my password!!
  of course it's not always true! sometimes it asks my password & sometimes not!
  I reset all settings from setting but it doesn't help me.
  please download this 2viedoes to understand me better.
  tnX!
  video 1(have problem)
  http://hipfile.com/vnadofjfemn6
  video 2(after few minuts,it's ok)
  http://hipfile.com/zk9fgs6ikbj0
  iphone 5s
  7.0.2

  Sorry, I don't watch video from a stranger.
  I tested it and it works.
  Note: Lockscreen is not Home screen,
  1. Switch Siri off as given in my previous post
  2. Press the top Sleep/Wake button to get you iPhone to sleep.
  3. Press the top Sleep/Wake button to wake iPhone up.
  4. Use a finger (not the finger that is registered in fingerprint) press the Home button and see if Siri comes up.
  You can try a reset before the test:
  Reset: Hold down the Sleep/Wake button and the Home button at the same time for at least ten seconds, until the Apple logo appears. Note: You will not lose any data

• How to report a security bug w/o ADC account?

  Hello! I did not find an approptiate forum, so i try here, i hope that's ok.
  There is a security bug in some browsers, and Safari 2 suffers from it, too. The other vendors are already notified, but a cannot find a way to inform apple.
  * It's an security issue, so i should notify Apple non-publicly before publishing
  * It's in Safaris certificate handlig, so it's not in WebKit
  * I do not have a MacOS system (with menu option +Report Bugs to Apple+ ) myself
  * I won't accept tons of legal code to sign up to an ADC acount
  * No, +Apple Care+ is not an option
  I don't mind publishing the issue without notifying apple, but maybe apple does. ZB.

  Well it looks like sending you here was a good thing.
  I appreciate your concerns about open posting of any specific information; I am sure Apple and the other browser makers do too.
  You might google on secunia and perhaps see if it's already known about. I did that for you.
  http://secunia.com/
  Good Luck, JP
  Message was edited by: Jpfresno 'I did that...'

• Metro-E link secure or not ?

  Is metro-ethernet over fiber (point-to-point) link secure ? Can someone sniff into the network (and see unencrypted data) over Metro-ethernet point-to-point link ?

  There no guarantee of confidentiality unless the link is encrypted (by you). Otherwise the data is exposed to your provider. You have to trust your provider to not span your port and sniff it. If that's not acceptable, then protect it with IPSec.

• How to create link to Bug DB and Oracle Support SR

  I have been trying to connect Bug DB to apex, but got a insufficient previledge error.
  I need to connect to Bug DB and Oracle Support through my APEX application to get bug status and SR status automatically.
  I think I should create db links to Bug DB and Oracle Support SR DB first,
  but I got below error while trying to do it.
  Create Database Link Failed.
  ORA-01031: insufficient privileges
  Who can grant me the privileges, or let me know how to link to Bug DB and SR DB.
  My Workspace / Schema of APEX(apex.oraclecorp.com) are listed below.
  OARDC_JSRC / JSRC_CLJ --- For Development and Test
  NOKK_JSRC / NOKK_JSRC --- For release.
  Thanks & Regards,
  lgui

  Hi Igui,
  please don't discuss Oracle internals on the public OTN forum. We have an internal mailing list for such questions. Please see "Internal Application Express Discussion Forum" and "Contact Support" link in the "Side Specific Tasks" region on the login page. This link will also explain what to do to get database link privileges.
  About BugDB integration, please have a look at the following posting http://joelkallman.blogspot.co.uk/2010/12/bugdb-reporting-version-2.html
  Regards
  Patrick
  My Blog: http://www.inside-oracle-apex.com
  APEX Plug-Ins: http://apex.oracle.com/plugins
  Twitter: http://www.twitter.com/patrickwolf

• Linking secure html link with JSF?

  Hey all,
  I do have a previous post regarding j_security_check and using container based security, but since this problem could be answered without it, checking to see how (j_security_check: http://swforum.sun.com/jive/thread.jspa?threadID=54464&tstart=0).
  I want to be able to e-mail links with pre-populated attributes (identifiers, dates, what have you) but still have the link secure and require auth. But, I do want to automatically go to that linked page after auth. How does one do this with JSF?
  thanks,
  -D

  Hi,
  Please go through the below thread:
  http://swforum.sun.com/jive/thread.jspa?forumID=123&threadID=50520
  Hope this helps.
  Thanks,
  RK.

• New BASH ShellShock Security Bug - bigger than Heartbleed!

  Woke up this morning to this: http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
  A bug discovered in the widely used Bash command interpreter poses a critical security risk to Unix and Linux systems.
  You can check if you're vulnerable by running the following lines in your default shell, which on many systems will be Bash. If you see the words "busted", then you're at risk. If not, then either your Bash is fixed or your shell is using another interpreter.
  env X="() { :;} ; echo busted" /bin/sh -c "echo completed"
  env X="() { :;} ; echo busted" `which bash` -c "echo completed"
  Scanned systems internally and found the following were affected:
  Cisco VCS devices (x7 and x8)
  Cisco MXE 3500
  Cisco DMM and SNS (assuming since running Red Hat Enterprise but unable to verify)
  Jabber Guest
  TCS Endpoints (6 or below have been verified, unable to verify 7 but assume vulnerable)
  Cisco Conductor
  Cisco has also just posted a security advisory:
  http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=4689&signatureSubId=0&softwareVersion=6.0&releaseVersion=S824

  Yup. MXP based Codecs are vulnerable.
  Video, Streaming, TelePresence, and Transcoding Devices
  Cisco DCM Series 9900-Digital Content Manager [CSCur02624]
  Cisco Edge 300 Digital Media Player [CSCur02761]
  Cisco Edge 340 Digital Media Player [CSCur02751]
  Cisco Show and Share [CSCur03539]
  Cisco TelePresence Conductor [CSCur02103]
  Cisco TelePresence Content Server (TCS) [CSCur05150]
  Cisco TelePresence IP Gateway Series [CSCur04984]
  Cisco TelePresence IP VCR Series [CSCur04993]
  Cisco TelePresence ISDN GW 3241 [CSCur05010]
  Cisco TelePresence ISDN GW MSE 8321 [CSCur05010]
  Cisco TelePresence ISDN Link [CSCur05025]
  Cisco TelePresence MCU (8510, 8420, 4200, 4500 and 5300) [CSCur05050]
  Cisco TelePresence MXP Software [CSCur05095]
  Cisco TelePresence Management Suite Extension for IBM [CSCur05217]
  Cisco TelePresence Manager (CTSMan) [CSCur05104]
  Cisco TelePresence Recording Server (CTRS) [CSCur05038]
  Cisco TelePresence Serial Gateway Series [CSCur05110]
  Cisco TelePresence Server 8710, 7010 [CSCur05172]
  Cisco TelePresence Server on Multiparty Media 310, 320 [CSCur05172]
  Cisco TelePresence Server on Virtual Machine [CSCur05172]
  Cisco TelePresence Supervisor MSE 8050 [CSCur05073]
  Cisco TelePresence TE Software (for E20 - EoL) [CSCur05162]
  Cisco TelePresence Video Communication Server (VCS/Expressway) [CSCur01461]
  Cisco TelePresence endpoints (C series, EX series, MX series, MXG2 series, SX series) and the 10" touch panel [CSCur02591]
  Cisco Video Distribution Suite for Internet Streaming VDS-IS [CSCur05320]
  Tandberg Codian ISDN GW 3210/3220/3240 [CSCur05010]
  Tandberg Codian MSE 8320 model [CSCur05010]

• Linked contacts bug : SMS or e-mail sent to incorrect address or phone number.

  Hello,
  I sync contact on my iPhone 5S ios 7.0.4 with four sources :
  - icloud
  - Outlook.com (Hotmail) - my private mail
  - Exchage - my work mail
  - Facebook
  When a conctact in present on Hotmail and on Exchange, the contact appears once on the iPhone and it's correcty linked but when I want to send a SMS or an e-mail, the message is not sent to the correct number.
  For example a contact (John Smith) is present on Hotmail and on Exchange with the following information
  Exchange :
  Name : John Smith
  Work phone : 1234
  Work mail : [email protected]
  Hotmail :
  Name : John Smith
  Mobile : 7890
  Work phone 1234
  Private mail : [email protected]
  Work mail : [email protected]
  The linked contact on the iPhone looks like :
  Name : John Smith
  Mobile : 7890
  Work phone 1234
  Private mail : [email protected]
  Work mail : [email protected]
  If I want to send a SMS to the Mobile of the contact following this procedure, the SMS is sent to the work phone
  1) Open Mesage app
  2) Click on new message
  3) Click [+] to open contact list
  4) Choose "John Smith"
  5) Choose Mobile phone
  6) Type the message
  7) Click "Send"
  The SMS is sent to Work phone
  If I use anothe procedure, the SMS is sent correctly to the mobile :
  1) Open Mesage app
  2) Click on new message
  3) Type "John Smith" into the "To" zone
  4) Choose "John Smith Mobile"
  5) Type the message
  6) Click "Send"
  Same problem with e-mail address in the mail application.
  If a contact is only present in one source (not linked) there is no problem.
  I think it' a bug in linking contacts.
  Thanks

  I don't think so. When i open the Exchange contact on the iPhone (Contact --> Linked --> Exchange) the work number is not tagged as mobile end there is no message icon next to the phone number.

• Serious security bug in weblogic 6.0

  when I use jaas authenticated to weblogic server 6.0. everything is beatiful. but
  I easily bypass the jaas authentication and could login to weblogic server 6.0
  as anybody with any credential. Think about it, if I login as system and with
  wrong password, and I get in , and the caller will be system.
  If anyone inside weblogic team is interested in talking about it, please give
  me a email. I don't want to post the way how I did it right now

  This potential vulnerability has been confirmed and has been fixed in BEA WebLogic
  Server 6.0 Service Pack 1 (SP1). SP1 is currently available for download from
  the BEA Download Center at
  http://commerce.bea.com/downloads/weblogic_server.jsp#wls.
  BEA advises every Service Pack be applied as they are released. Service Packs
  include a roll up of all bug fixes for each version of the product, as well as
  each of the previously released Service Packs.
  BEA treats security issues with the highest degree of urgency and does everything
  possible to ensure the security of all customer assets. As a policy, if there
  are any security-related issues with any BEA product, BEA will distribute an advisory
  and instructions with the appropriate course of action.
  Because the security of your site, data, and code is
  our highest priority, we are committed to communicating all
  security-related issues clearly and openly.
  BEA has established a permission-based emailing list specifically
  targeted for product security advisories. As a policy, if a user has opted in
  to our emailing list and there are any security issues with the BEA product(s)
  he/she is using, BEA will distribute an advisory and instructions via email with
  the appropriate course of action.
  REPORTING SECURITY ISSUES
  For immediate attention, BEA has established an email address to which you can
  send reports of any possible security issues in BEA products.
  These reports should be sent to: [email protected]
  All correspondence to this address will be promptly reviewed and all necessary
  actions taken to ensure the continued security of all customer assets.
  SUBSCRIBE TO EMAIL ALERT
  You may subscribe to the permission-based emailing list to receive alerts of security
  advisories by registering with BEA at:
  http://contact.beasys.com/bea/www/securityelogin.jsp.
  Sincerely,
  Marc Bishop
  Security Product Manager
  BEA WebLogic Server

• Link to Bug Report Forum on Forum help page is dangling...

  The link Bug Reporting Forum (http://social.answers.microsoft.com/forums/en-us/reportabug/threads/) on page
  Answers >
  Forums Home
  > Help (http://social.answers.microsoft.com/Forums/en-US/help) is dangling. Makes it a bit more complicated than necessary to find this forum...
  Cheers, Michael

  Hello Brent,
  unluckily I think you misunderstood Michael original point.
  Because some time passed, I too would like to report same issue again but let me explain and guide you (or others) how I too reached same sentence.
  As of now even from your own 'Forums preferences' profile page you should be able to find on right side a
  'Help' URL that leading to an intermediate page stating :
  "The Frequently Asked Questions has Moved
  The Forums help file has been moved to the
  Community Wiki. Please update any bookmarks you may have."
  Now a part from correcting that 'Help' URL once you or anyone reach 'Forums
  Help (FAQ) - TechNet Articles - United States (English) - TechNet Wiki' you can find 'How
  do I report issues with the Forums?' question, and then there's this other sentence :
  "How do I report issues with the Forums?
  You can report bugs, suggestions, and other issues for Forums, by performing one of the following actions:
  Bug: If the issue seems like a bug in the forums code, go to the Bug Reporting Forum and report the bug
  by using the template provided in the top forum thread.
  But once anyone reach that Forum, now called 'Forums Issues (not product support)' there's no real forum bug reporting template in the top forum threads (as of now I only found 'Verify Your Account 15' and 'How to report
  spam') and also to find this post thread I really had to search for "report a bug".
  Regards
  Rob

• WWSBR_ALL_ITEMS and item level security - BUG?

  Hi,
  View WWSBR_ALL_ITEMS does not seems to work correctly when using item level security on a folder.
  If I add an item to a folder with item level security enabled and do NOT define any special access settings for this item, ie the item setting is "Inherit Parent Folder Access Privileges", then the view does not return the item.
  Has anyone else run into this? Is it a bug?
  Any help appreciated.
  Portal 3.0.9.8.0
  Oracle8i Enterprise Edition 8.1.7.0 - 64 bit
  IBM AIX 4.3.3

  I've been informed that patch 3.0.9.8.2 will solve the problem. Sorry about the double post.