116 matches found
CVE-2025-21578
Vulnerability in Oracle Secure Backup component: General. Supported versions that are affected are 12.1.0.1, 12.1.0.2, 12.1.0.3, 18.1.0.0, 18.1.0.1 and 18.1.0.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Secure Backup executes t...
Oracle Secure Backup 安全漏洞
Oracle Secure Backup is a solution from Oracle Corporation USA that provides reliable data protection by backing up file systems to tape. A security vulnerability exists in Oracle Secure Backup that stems from mishandling of the General component, which could lead to a system takeover. The...
PT-2025-16403 · Oracle · Oracle Secure Backup
Name of the Vulnerable Software and Affected Versions: Oracle Secure Backup versions 12.1.0.1 through 12.1.0.3 Oracle Secure Backup versions 18.1.0.0 through 18.1.0.2 Description: The issue allows a high privileged attacker with logon to the infrastructure where Oracle Secure Backup executes to...
Oracle Critical Patch Update, January 2025 Security Update Review
Oracle released its first quarterly edition of this year’s Critical Patch Update, which received patches for 318 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, includin...
Oracle Secure Backup Exec_qr() Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Secure Backup execqr Command Injection Vulnerability', 'Description' = %q This module exploits a command injection vulnerability in Oracle...
Oracle Secure Backup Authentication Bypass / Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability', 'Description' = %q This module exploits an authentication bypass...
Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
No description provided by source. $Id: osbunamejlist.rb 13591 2011-08-19 18:35:29Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Oracle Secure Backup 10.3.0.1 RCE
Remote command execution vulnerability in Oracle Secure Backup Administration Server propertybox.php Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
$Id: osbunamejlist.rb 13591 2011-08-19 18:35:29Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
This module exploits an authentication bypass vulnerability in login.php. In conjunction with the authentication bypass issue, the 'jlist' parameter in propertybox.php can be used to execute arbitrary system commands. This module was tested against Oracle Secure Backup version 10.3.0.1.0 This...
Oracle Secure Backup Authentication Bypass/Command Injection
Exploit for php platform in category web applications $Id: osbunamejlist.rb 13591 2011-08-19 18:35:29Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensin...
Oracle Secure Backup - Authentication Bypass/Command Injection (Metasploit)
$Id: osbunamejlist.rb 13591 2011-08-19 18:35:29Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Oracle Secure Backup Administration Server login.php uname Parameter Arbitrary Command Injection
The version of Oracle Secure Backup Administration Server running on the remote host fails to adequately sanitize user-supplied input to the 'uname' parameter of 'login.php'. The system performs some sanitization which limits exploitation of this issue, but code execution is still possible. A...
Oracle Secure Backup validate_login Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the validatelogin function defined within /apache/htdocts/php/common.php. The...
CVE-2011-2252
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-2261...
CVE-2011-2251
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect integrity via unknown vectors...
CVE-2011-2251
CVE-2011-2251 is linked to Oracle Secure Backup Administration Server login.php XSS in the mode parameter. The Nessus plugin notes input is not properly sanitized, enabling a remote attacker to lure a user to a crafted URL and potentially execute arbitrary script code. This is the concrete detail...
CVE-2010-3596
Unspecified vulnerability in the modssl component in Oracle Secure Backup 10.3.0.2 allows remote attackers to affect integrity and availability via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the modssl component in Oracle Secure Backup 10.3.0.2 allows remote attackers to affect integrity and availability via unknown vectors...
CVE-2010-3596
Unspecified vulnerability in the modssl component in Oracle Secure Backup 10.3.0.2 allows remote attackers to affect integrity and availability via unknown vectors...