Lucene search
AnonymousZDI-10-118HistoryJul 13, 2010 - 12:00 a.m.
Oracle Secure Backup Administration uname Authentication Bypass Vulnerability
2010-07-1300:00:00
Anonymous
www.zerodayinitiative.com
16
0.107 Low
EPSS
Percentile
95.1%
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of user input to the uname variable of the login.php script running on the administration page of Oracle Secure Backup. Do to the lack of proper shell metacharacter filtering it is possible to bypass the login check. Successful exploitation of this vulnerability allows the attacker to access sensitive information running on the administration server without proper credentials.
Related
checkpoint_advisories
checkpoint_advisories
prion
prion
Design/Logic Flaw
2010-07-13 22:30:00
Design/Logic Flaw
2010-07-13 22:30:00
zdi
zdi
Oracle Secure Backup Administration Authentication Bypass Vulnerability
2010-07-13 00:00:00
nvd
nvd
CVE-2010-0904
2010-07-13 22:30:01
CVE-2010-0907
2010-07-13 22:30:02
cvelist
cvelist
CVE-2010-0904
2010-07-13 22:07:00
CVE-2010-0907
2010-07-13 22:07:00
cve
cve
CVE-2010-0904
2010-07-13 22:30:01
CVE-2010-0907
2010-07-13 22:30:02
nessus
nessus
Oracle Secure Backup Administration Server login.php Authentication Bypass
2010-07-16 00:00:00
packetstorm
packetstorm
Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
2011-08-21 00:00:00
securityvulns
securityvulns
Oracle / Sun applications multiple security vulneraebilities
2010-07-20 00:00:00
Oracle Critical Patch Update Advisory - July 2010
2010-07-15 00:00:00
oracle
oracle
Security | Oracle Critical Patch Update - July 2010
2010-07-13 00:00:00