CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2010-3596
https://notcve.org/view.php?id=CVE-2010-3596
Unspecified vulnerability in the mod_ssl component in Oracle Secure Backup 10.3.0.2 allows remote attackers to affect integrity and availability via unknown vectors. Una vulnerabilidad no especificada en el componente mod_ssl en Oracle Secure Backup v10.3.0.2 permite a atacantes remotos afectar a la integridad y la disponibilidad a través de vectores desconocidos. • http://secunia.com/advisories/42918 http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html http://www.securityfocus.com/bid/45850 http://www.securitytracker.com/id?1024974 http://www.vupen.com/english/advisories/2011/0142 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2010-0898
https://notcve.org/view.php?id=CVE-2010-0898
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad sin especificar en Oracle Secure Backup v10.3.0.1, permite a atacantes remotos comprometer la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html •
CVSS: 9.0EPSS: 97%CPEs: 2EXPL: 0CVE-2010-0899 – Oracle Secure Backup Administration $other Variable Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0899
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0898, CVE-2010-0907, and CVE-2010-0906. Vulnerabilidad no especificada en Oracle Secure Backup v10.3.0.1, permite a usuarios autenticados remotamente afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente de CVE-2010-0898, CVE-2010-0907, and CVE-2010-0906. This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability. The specific flaw exists in the handling of variables to the property_box.php script located on the Oracle Secure Backup administration server. Due to the lack of filtering on special characters it is possible to specify arbitrary commands to the command line being executed by the administration server. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html •
CVSS: 10.0EPSS: 96%CPEs: 1EXPL: 0CVE-2010-0907 – Oracle Secure Backup Web Interface Various Post-Auth Command Injection Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0907
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0898, CVE-2010-0899, CVE-2010-0904, and CVE-2010-0906. Vulnerabilidad no especificada en Oracle Secure Backup v10.3.0.1, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente de CVE-2010-0898, CVE-2010-0899, CVE-2010-0904, y CVE-2010-0906. This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit these vulnerabilities. The specific flaws exist due to how the application passes CGI parameters to the internal obtool binary running on port 443. Due to improper filtering of user data a specially crafted request could lead to arbitrary commands being executed under the credentials of the service. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html •
CVSS: 10.0EPSS: 97%CPEs: 1EXPL: 0CVE-2010-0906 – Oracle Secure Backup Administration Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0906
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en Oracle Secure Backup 10.3.0.1 permite a atacantes remotos autenticados comprometer la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos. This vulnerability allows remote attackers to inject arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability but may be bypassed. The specific flaw exists in the handling of the 'preauth' variable to the script index.php used in the administration server running on port 443. Due to improper filtering of user data a specially crafted request could lead to arbitrary commands being executed under the credentials of the service. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html •