CVSS: 10.0EPSS: 96%CPEs: 1EXPL: 0CVE-2010-0072 – Oracle Secure Backup observiced.exe Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0072
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a buffer overflow in observiced.exe that allows remote attackers to execute arbitrary code via vectors related to a "reverse lookup of connections" to TCP port 10000. Una vulnerabilidad no especificada en el componente Oracle Secure Backup en Secure Backup de Oracle versión 10.2.0.3, permite a los atacantes remotos afectar a la confidencialidad, integridad y disponibilidad por medio de vectores desconocidos. NOTA: la información anterior fue obtenida de la CPU de enero de 2010. • http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html http://www.us-cert.gov/cas/techalerts/TA10-012A.html •
CVSS: 10.0EPSS: 85%CPEs: 1EXPL: 1CVE-2009-1977 – Oracle Secure Backup Administration Server Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2009-1977
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows attackers to bypass authentication via unknown vectors involving the username parameter and login.php. Vulnerabilidad no especificada en el componente Oracle Secure Backup en Oracle Secure Backup v10.2.0.3 permite a los atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través e vectores desconocidos. This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. • https://www.exploit-db.com/exploits/9652 http://osvdb.org/55903 http://secunia.com/advisories/35776 http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html http://www.securityfocus.com/bid/35672 http://www.securitytracker.com/id?1022565 http://www.vupen.com/english/advisories/2009/1900 http://www.zerodayinitiative.com/advisories/ZDI-09-058 https://exchange.xforce.ibmcloud.com/vulnerabilities/51761 •
CVSS: 9.0EPSS: 82%CPEs: 1EXPL: 1CVE-2009-1978 – Oracle Secure Backup Administration Server Multiple Command Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-1978
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows remote authenticated users to execute arbitrary code with SYSTEM privileges via vectors involving property_box.php. Vulnerabilidad no especificada en el componente Oracle Secure Backup en Oracle Secure Backup 10.2.0.3 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos. NOTA: la información anterior se obtuvo de la CPU de Oracle de Julio de 2009. • https://www.exploit-db.com/exploits/9652 http://osvdb.org/55904 http://secunia.com/advisories/35776 http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html http://www.securityfocus.com/bid/35678 http://www.securitytracker.com/id?1022565 http://www.vupen.com/english/advisories/2009/1900 http://www.zerodayinitiative.com/advisories/ZDI-09-059 https://exchange.xforce.ibmcloud.com/vulnerabilities/51762 •
CVSS: 5.0EPSS: 67%CPEs: 1EXPL: 0CVE-2008-5443
https://notcve.org/view.php?id=CVE-2008-5443
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2008-5441 and CVE-2008-5442. Vulnerabilidad no especificada en el componente Oracle Secure Backup en Oracle Secure Backup 10.2.0.2 permite a atacantes remotos afectar la disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2008-5441 y CVE-2008-5442. • http://secunia.com/advisories/33525 http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html http://www.securityfocus.com/bid/33177 http://www.vupen.com/english/advisories/2009/0115 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2008-5445
https://notcve.org/view.php?id=CVE-2008-5445
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service in observiced.exe via malformed private Protocol data that triggers a NULL pointer dereference. Una vulnerabilidad no especificada del componente Oracle Secure Backup en Oracle Secure Backup versión 10.2.0.2, permite a los atacantes remotos afectar a la disponibilidad por medio de vectores desconocidos. NOTA: la información anterior fue obtenida de la CPU de enero de 2009. • http://secunia.com/advisories/33525 http://www.fortiguardcenter.com/advisory/FGA-2009-02.html http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html http://www.securityfocus.com/archive/1/500113/100/0/threaded http://www.securityfocus.com/bid/33177 http://www.vupen.com/english/advisories/2009/0115 •