4 matches found
Oracle Secure Backup Administration Server validate_login Command Injection (CVE-2011-2261)
A command injection vulnerability has been reported in Oracle Secure Backup Administration Server. The vulnerability is due to insufficient filtering of user data. A remote attacker may exploit this vulnerability by sending a specially crafted HTTP request to a target user. Successful exploitation...
Oracle Secure Backup Administration Server login.php uname Parameter Arbitrary Command Injection
The version of Oracle Secure Backup Administration Server running on the remote host fails to adequately sanitize user-supplied input to the 'uname' parameter of 'login.php'. The system performs some sanitization which limits exploitation of this issue, but code execution is still possible. A...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-2261...
CVE-2011-2261
Oracle Secure Backup contains a remote command injection vulnerability (CVE-2011-2261) in the Administration Server login.php uname parameter. The flaw arises from insufficient input filtering in validate_login, allowing an unauthenticated attacker to inject commands and achieve remote code execu...