Oracle VM Server Virtual Server Agent Command Injection Exploit

By including shell meta characters within the second parameter to the 'urt_test_url' XML-RPC methodCall, an attacker can execute arbitrary commands. The service typically runs with root privileges.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2010-3585
Product Version: 
11.0
Released Date: 
Wednesday, June 8, 2011 - 00:00