VULHUB ™

The Oracle 9iAS Reports Server contains a remotely exploitable buffer overrun vulnerability in one of its CGI's. By supplying an overly long database name parameter to the rwcgi60 with the setauth method, an attacker can run code with the privileges of the web server, or SYSTEM on windows.

The Oracle 9iAS Reports Server contains a remotely exploitable buffer overrun vulnerability in one of its CGI's. By supplying an overly long database name parameter to the rwcgi60 with the setauth method, an attacker can run code with the privileges of the web server, or SYSTEM on windows.