Phase:ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.
ReferencesBUGTRAQ:Thursday, December 23, 2004 Oracle ISQLPlus file access vulnerability (#NISR2122004E) | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110382264415387&w=2 | MISC:http://www.ngssoftware.com/advisories/oracle23122004E.txt | SUNALERT:101782 | URL:http://
Votes:Assigned (Friday, January 07, 2005)
Comments:None (candidate not yet proposed)
F7: