http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html

TA11-201A

The version of Oracle Secure Backup Administration Server running on the remote host fails to adequately sanitize user-supplied input to the 'uname' parameter of 'login.php'.  The system performs some sanitization which limits exploitation of this issue, but code execution is still possible.

A remote, unauthenticated attacker could exploit this to execute code on the remote host with the privileges of the web server user.

By default the server runs with SYSTEM privileges under Windows.

CVE-2011-2261

high

Tenable Plugins

critical