RED HAT has fixed multiple web application security issues that allowed hackers to extract website database using Blind SQL injection. Red Hat also confirmed a cross site scripting and Local File Inclusion Vulnerabilities on their website.
Mohamed Ramadan Security Researcher and Trainer Attack-Secure, told 'The Hacker News' that last year he reported 3 flaws to the company and they finally confirm and patch those in January 2013.
Blind SQL injection is identical to normal SQL Injection except that when an attacker attempts to exploit an application, rather than getting a useful error message, they get a generic page specified by the developer instead. This makes exploiting a potential SQL Injection attack more difficult but not impossible.
Local file inclusion is a vulnerability that allows the attacker to read files, that are stored locally through the web application.This happens because the code of the application does not properly sanitize the include() function
Technical details are not available at the moment about vulnerable URLs for security issue. Mohamed recently acknowledged by Facebook and Etsy for reporting serious vulnerabilities in their mobile apps. Red Hat also list him on their website under WhiteHat hackers.