ID CVE-2008-5448
Summary Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5444 and CVE-2008-5449.
References
Vulnerable Configurations
  • Oracle Secure Backup 10.2.0.2
    cpe:2.3:a:oracle:secure_backup:10.2.0.2
CVSS
Base: 10.0 (as of 22-11-2016 - 10:19)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
d2sec via4
metasploit via4
description This module exploits a command injection vulnerability in Oracle Secure Backup version 10.1.0.3 to 10.2.0.2.
id MSF:AUXILIARY/ADMIN/ORACLE/OSB_EXECQR
last seen 2019-03-26
modified 2017-08-25
published 2009-02-23
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/oracle/osb_execqr.rb
title Oracle Secure Backup exec_qr() Command Injection Vulnerability
nessus via4
NASL family CGI abuses
NASL id ORACLE_SECURE_BACKUP_CMD.NASL
description The remote version of Oracle Secure Backup Administration Server fails to sanitize user-supplied input to various parameters used in the 'login.php' script before using it. By sending specially crafted arguments an attacker can exploit it to execute code on the remote host with the web server privileges. By default the server runs with SYSTEM privileges under Windows.
last seen 2019-02-21
modified 2018-07-18
plugin id 35363
published 2009-01-14
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=35363
title Oracle Secure Backup Administration Server login.php Arbitrary Command Injection
refmap via4
bid 33177
confirm http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html
secunia 33525
vupen ADV-2009-0115
saint via4
  • bid 33177
    description Oracle WebLogic Server IIS Connector JSESSIONID buffer overflow
    title weblogic_iis_connector_jsessionid
    type remote
  • bid 33177
    description Oracle Secure Backup login.php ora_osb_lcookie command execution
    id database_oracle_backupver
    osvdb 51343
    title oracle_secure_backup_login_lcookie
    type remote
  • bid 33177
    description Oracle Secure Backup NDMP_CONNECT_CLIENT_AUTH buffer overflow
    id database_oracle_backupndmpbo,database_oracle_backupver
    osvdb 51340
    title oracle_secure_backup_ndmp_clientauth
    type remote
  • bid 33177
    description Oracle Secure Backup login.php rbtool command injection
    id database_oracle_backupver
    osvdb 51342
    title oracle_secure_backup_login_rbtool
    type remote
  • bid 33177
    description Oracle Database OLAP component ODCITABLESTART buffer overflow
    id database_oracle_version
    osvdb 51347
    title oracle_olap_odcitablestart
    type remote
Last major update 22-11-2016 - 11:13
Published 13-01-2009 - 20:30