Oracle ISQLPlus file access vulnerability (#NISR2122004E)

NGSSoftware Insight Security Research Advisory Name: Oracle ISQLPlus load.uix file access Systems Affected: Oracle 10g AS on all operating systems Severity: Medium Vendor URL: http://www.oracle.com/ Author: David Litchfield davidl at ngssoftware.com Relates to:...

CVE-2004-1368

ISQLPlus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script...