|
|
CVE Reference: CVE-2005-2372 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2005-2372 |
|
|
Description: Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Oracle or System user, which allows attackers to execute arbitrary code by uploading a malicious .fmx file and referencing it using an absolute pathname argument in the (1) form or (2) module parameters to f90servlet. |
|
|
CVE Status: Candidate |
|
|
References: MISC http://www.red-database-security.com/advisory/oracle_forms_run_any_os_command.html BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=112180805413784&w=2 |
|
| Return to the previous page. |
