Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiRgodZDI-10-122
HistoryJul 13, 2010 - 12:00 a.m.

Oracle Secure Backup Administration Command Injection Remote Code Execution Vulnerability

2010-07-1300:00:00
rgod
www.zerodayinitiative.com
8

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.8%

JSON

This vulnerability allows remote attackers to inject arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability but may be bypassed. The specific flaw exists in the handling of the ‘preauth’ variable to the script index.php used in the administration server running on port 443. Due to improper filtering of user data a specially crafted request could lead to arbitrary commands being executed under the credentials of the service.

Related

checkpoint_advisories 2
saint 12
prion 3
zdi 2
cve 3
securityvulns 2
oracle 1
checkpoint_advisories
checkpoint_advisories
Oracle Secure Backup Administration selector Variable Command Injection (CVE-2010-0906)
2010-08-30 00:00:00
Oracle Secure Backup Administration preauth Variable Command Injection (CVE-2010-0906)
2010-10-03 00:00:00
saint
saint
Oracle Secure Backup Administration property_box.php objectname command injection
2010-09-30 00:00:00
Oracle Secure Backup Administration property_box.php objectname command injection
2010-09-30 00:00:00
Oracle Secure Backup Administration preauth variable command injection
2010-12-06 00:00:00
prion
prion
Design/Logic Flaw
2010-07-13 22:30:00
Design/Logic Flaw
2010-07-13 22:30:00
Design/Logic Flaw
2010-07-13 22:30:00
zdi
zdi
Oracle Secure Backup Administration selector Command Injection Remote Code Execution Vulnerability
2010-07-13 00:00:00
Oracle Secure Backup Administration objectname Command Injection Remote Code Execution Vulnerability
2010-07-13 00:00:00
cve
cve
CVE-2010-0906
2010-07-13 22:30:00
CVE-2010-0899
2010-07-13 22:30:00
CVE-2010-0907
2010-07-13 22:30:00
securityvulns
securityvulns
Oracle / Sun applications multiple security vulneraebilities
2010-07-20 00:00:00
Oracle Critical Patch Update Advisory - July 2010
2010-07-15 00:00:00
oracle
oracle
Security | Oracle Critical Patch Update - July 2010
2010-07-13 00:00:00

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.8%

JSON
Related for ZDI-10-122
checkpoint_advisories2saint12prion3zdi2cve3securityvulns2oracle1