CVE-2010-0898
https://notcve.org/view.php?id=CVE-2010-0898
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
CVE-2010-0899 – Oracle Secure Backup Administration $other Variable Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0899
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0898, CVE-2010-0907, and CVE-2010-0906. This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability. The specific flaw exists in the handling of variables to the property_box.php script located on the Oracle Secure Backup administration server. Due to the lack of filtering on special characters it is possible to specify arbitrary commands to the command line being executed by the administration server. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
CVE-2010-0907 – Oracle Secure Backup Web Interface Various Post-Auth Command Injection Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0907
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0898, CVE-2010-0899, CVE-2010-0904, and CVE-2010-0906. This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit these vulnerabilities. The specific flaws exist due to how the application passes CGI parameters to the internal obtool binary running on port 443. Due to improper filtering of user data a specially crafted request could lead to arbitrary commands being executed under the credentials of the service. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
CVE-2010-0906 – Oracle Secure Backup Administration Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0906
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. This vulnerability allows remote attackers to inject arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability but may be bypassed. The specific flaw exists in the handling of the 'preauth' variable to the script index.php used in the administration server running on port 443. Due to improper filtering of user data a specially crafted request could lead to arbitrary commands being executed under the credentials of the service. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
CVE-2010-0904 – Oracle Secure Backup Administration Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2010-0904
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect integrity via unknown vectors. This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. The specific flaw exists within the register globals emulation layer which allows attackers to specify values for arbitrary program variables. When specific parameters are specified via the URI it is possible for an attacker to bypass the authentication mechanism and reach functionality otherwise inaccessible without proper credentials. This can be leveraged by remote attackers to trigger what were post-auth vulnerabilities without valid credentials. • https://www.exploit-db.com/exploits/17698 • http://securityreason.com/securityalert/8354 • http://securityreason.com/securityalert/8356 • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html