Zero Day Initiative Advisory 10-119 – This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability. The specific flaw exists in the handling of variables to the property_box.php script located on the Oracle Secure Backup administration server. Due to the lack of filtering on special characters it is possible to specify arbitrary commands to the command line being executed by the administration server. Successful exploitation of this can lead to remote compromise under the credentials of the web server.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/91765/ZDI-10-119.txt
Source: https://packetstormsecurity.com/files/91765/Zero-Day-Initiative-Advisory-10-119.html