10 lines
No EOL
623 B
Text
10 lines
No EOL
623 B
Text
source: http://www.securityfocus.com/bid/14319/info
|
|
|
|
Oracle Forms Services is susceptible to an unauthorized form execution vulnerability.
|
|
|
|
Attackers may exploit this vulnerability to execute arbitrary commands with the privileges of the Oracle account under which the server is executing.
|
|
|
|
It should be noted that this issue may be remotely exploited if an attacker has means to write files to the serving computer (WebDAV, FTP, CIFS, etc.) without local access.
|
|
|
|
http://www.example.com:7779/forms90/f90servlet?form=/public/johndoe/hacker.fmx
|
|
http://www.example.com:7779/forms90/f90servlet?module=/tmp/hacker.fmx |