
4 matches found

Check Point Advisories
added 2011/09/27 12:0 a.m. | 3 views

Oracle Secure Backup Administration Server validate_login Command Injection (CVE-2011-2261)

A command injection vulnerability has been reported in Oracle Secure Backup Administration Server. The vulnerability is due to insufficient user data filtering. A remote attacker may exploit this vulnerability by sending a specially crafted HTTP request to a target user. Successful exploitation...

10 CVSS | 7.2 AI score | 0.03244 EPSS
Exploits: 0
Tenable Nessus
added 2011/07/25 12:0 a.m. | 28 views

Oracle Secure Backup Administration Server login.php uname Parameter Arbitrary Command Injection

The version of Oracle Secure Backup Administration Server running on the remote host fails to adequately sanitize user-supplied input to the 'uname' parameter of 'login.php'. The system performs some sanitization which limits exploitation of this issue, but code execution is still possible. A...

10 CVSS | 5.6 AI score | 0.03244 EPSS
Exploits: 0 | References: 5
Prion
added 2011/07/20 11:55 p.m. | 14 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-2261...

6.8 CVSS | 6.2 AI score | 0.03244 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2011/07/20 11:0 p.m. | 43 views

CVE-2011-2261

Oracle Secure Backup contains a remote command injection vulnerability (CVE-2011-2261) in the Administration Server login.php uname parameter. The flaw arises from insufficient input filtering in validate_login, allowing an unauthenticated attacker to inject commands and achieve remote code execu...

10 CVSS | 6 AI score | 0.03244 EPSS
Exploits: 0 | References: 2 | Affected Software: 1