Oracle Forms 6i/9i/4.5.10/5.0/6.0.8/10g Services – Unauthorized Form Execution

Oracle Forms 6i/9i/4.5.10/5.0/6.0.8/10g Services – Unauthorized Form Execution

漏洞ID 1055266 漏洞类型
发布时间 2005-07-19 更新时间 2005-07-19
图片[1]-Oracle Forms 6i/9i/4.5.10/5.0/6.0.8/10g Services – Unauthorized Form Execution-安全小百科CVE编号 N/A
图片[2]-Oracle Forms 6i/9i/4.5.10/5.0/6.0.8/10g Services – Unauthorized Form Execution-安全小百科CNNVD-ID N/A
漏洞平台 Multiple CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/26013
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/14319/info

Oracle Forms Services is susceptible to an unauthorized form execution vulnerability.

Attackers may exploit this vulnerability to execute arbitrary commands with the privileges of the Oracle account under which the server is executing.

It should be noted that this issue may be remotely exploited if an attacker has means to write files to the serving computer (WebDAV, FTP, CIFS, etc.) without local access. 

http://www.example.com:7779/forms90/f90servlet?form=/public/johndoe/hacker.fmx
http://www.example.com:7779/forms90/f90servlet?module=/tmp/hacker.fmx

相关推荐: HP Distributed Computing Environment Buffer Overrun Vulnerability

HP Distributed Computing Environment Buffer Overrun Vulnerability 漏洞ID 1099313 漏洞类型 Unknown 发布时间 2003-11-17 更新时间 2003-11-17 CVE编号 …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享