Vulnerability Details : CVE-2010-0904
Public exploit exists!
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect integrity via unknown vectors.
Exploit prediction scoring system (EPSS) score for CVE-2010-0904
Probability of exploitation activity in the next 30 days: 12.57%
Percentile, the proportion of vulnerabilities that are scored at or less: ~95%
Metasploit modules for CVE-2010-0904
- Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
  Disclosure Date: 2010-07-13
  First seen: 2020-04-26
  auxiliary/admin/oracle/osb_execqr3
  This module exploits an authentication bypass vulnerability in login.php in order to execute arbitrary code via a command injection vulnerability in property_box.php. This module was tested against Oracle Secure Backup version 10.3.0.1.0 (Win32).
- Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
  Disclosure Date: 2010-07-13
  First seen: 2020-04-26
  exploit/windows/http/osb_uname_jlist
  This module exploits an authentication bypass vulnerability in login.php. In conjunction with the authentication bypass issue, the 'jlist' parameter in property_box.php can be used to execute arbitrary system commands. This module was tested against Oracle
CVSS scores for CVE-2010-0904
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
| 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST |
References for CVE-2010-0904
- http://securityreason.com/securityalert/8354
  Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability - CXSecurity.com
- http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
  Oracle Critical Patch Update - October 2010
- http://securityreason.com/securityalert/8356
  Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability - CXSecurity.com
Products affected by CVE-2010-0904
- cpe:2.3:a:oracle:secure_backup:10.3.0.1:*:*:*:*:*:*:*