ID CVE-2010-0904
Summary Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect integrity via unknown vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:secure_backup:10.3.0.1
CVSS
Base: 5.0 (as of 14-07-2010 - 12:03)
Impact:
Exploitability:
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality NONE
Integrity PARTIAL
Availability NONE
exploit-db via4
description Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability. CVE-2010-0904. Webapps exploit for php platform
id EDB-ID:17698
last seen 2016-02-02
modified 2011-08-19
published 2011-08-19
reporter metasploit
source https://www.exploit-db.com/download/17698/
title Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
metasploit via4
  • description This module exploits an authentication bypass vulnerability in login.php in order to execute arbitrary code via a command injection vulnerability in property_box.php. This module was tested against Oracle Secure Backup version 10.3.0.1.0 (Win32).
    id MSF:AUXILIARY/ADMIN/ORACLE/OSB_EXECQR3
    last seen 2019-02-15
    modified 2017-07-24
    published 2010-07-20
    reliability Normal
    reporter Rapid7
    source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/oracle/osb_execqr3.rb
    title Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
  • description This module exploits an authentication bypass vulnerability in login.php. In conjunction with the authentication bypass issue, the 'jlist' parameter in property_box.php can be used to execute arbitrary system commands. This module was tested against Oracle Secure Backup version 10.3.0.1.0
    id MSF:EXPLOIT/WINDOWS/HTTP/OSB_UNAME_JLIST
    last seen 2019-03-26
    modified 2017-09-14
    published 2011-08-19
    reliability Excellent
    reporter Rapid7
    source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/osb_uname_jlist.rb
    title Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
nessus via4
NASL family CGI abuses
NASL id ORACLE_SECURE_BACKUP_UNAME_AUTH_BYPASS.NASL
description The remote version of Oracle Secure Backup Administration Server fails to correctly validate a successful login based on the input passed to the 'uname' parameter in the script 'login.php'. By setting 'uname' to a specially crafted value, it may be possible for a remote unauthenticated attacker to bypass authentication and access information reserved for authenticated users.
last seen 2019-02-21
modified 2018-11-15
plugin id 47747
published 2010-07-16
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=47747
title Oracle Secure Backup Administration Server login.php Authentication Bypass
packetstorm via4
data source https://packetstormsecurity.com/files/download/104266/osb_uname_jlist.rb.txt
id PACKETSTORM:104266
last seen 2016-12-05
published 2011-08-21
reporter MC
source https://packetstormsecurity.com/files/104266/Oracle-Secure-Backup-Authentication-Bypass-Command-Injection-Vulnerability.html
title Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
refmap via4
confirm http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
sreason
  • 8354
  • 8356
Last major update 22-10-2012 - 23:20
Published 13-07-2010 - 18:30