This module exploits a command injection error in the Oracle Secure Backup Administration server. The error is located on the exec_qr function, called from the login.php page.

This module exploits an authentication bypass in the login.php in vulnerable versions of Oracle Secure Backup in order to execute arbitrary code via command injection parameters.

The Administration Console of Oracle GlassFish Server is prone to a authentication bypass vulnerability, which can be achieved by performing HTTP TRACE requests. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable server. This module will create a backdoor administrator account in the Administration Console of Oracle GlassFish and then deploy a .WAR application in order to install an agent on the target server.

One of the vulnerabilities allows remote attackers writing to the host filesystem on vulnerable installations of software utilizing Oracle Forms and Reporting.

This module exploits a buffer overflow when parsing the password used to authenticate a connection via HTTP services.

This module exploits a buffer overflow in the UNLOCK command of the Oracle 9i Database FTP XDB service.

This module exploits a buffer overflow when parsing the username used to authenticate a connection against an Oracle DataBase.

Oracle Database Server is prone to a remote vulnerability that allows attackers to poison the data handled by the remote 'TNS Listener' component of the application. This module tries to verify if the vulnerability is present in the 'TNS Listener' component of the database server, without deploying an agent.

This module exploits a buffer overflow in the arguments of the Oracle Service Listener commands.

This module exploits a stack-based buffer overflow in the Oracle DB Server by sending a specially crafted SQL query.