Full title: Oracle Database Client System Analyzer Arbitrary File Upload 
Category: remote exploits
Platform: windows
This Metasploit module exploits an arbitrary file upload vulnerability on the Client Analyzer component as included in Oracle Database 11g, which allows remote attackers to upload and execute arbitrary code. This Metasploit module has been tested successfully on Oracle Database 11g 11.2.0.1.0 on Windows 2003 SP2, where execution through the Windows Management Instrumentation service has been used.

# 0day.today @ http://0day.today/