Bugtraq mailing list archives

Re: ZDI-10-121: Command Injection Remote Code Execution Vulnerability

From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Thu, 15 Jul 2010 22:32:06 +0300 (EEST)

Is the affected product Secure Backup accidentally missing from the subject line and the advisory title,
i.e. the correct title is Oracle Secure Backup Administration selector Command Injection Remote Code Execution 
Vulnerability?

Juha-Matti

ZDI Disclosures [zdi-disclosures () tippingpoint com] wrote:

ZDI-10-121: Command Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-121
July 13, 2010

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
Oracle

-- Affected Products:
Oracle Secure Backup

--clip--

Current thread:

ZDI-10-121: Command Injection Remote Code Execution Vulnerability ZDI Disclosures (Jul 15)
- <Possible follow-ups>
- Re: ZDI-10-121: Command Injection Remote Code Execution Vulnerability Juha-Matti Laurio (Jul 16)