mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
754 B
754 B
CVE-2016-2346
Description
Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream.
POC
Reference
- http://www.kb.cert.org/vuls/id/229047
- https://adamcaudill.com/2016/02/02/plsql-developer-nonexistent-encryption/
Github
No PoCs found on GitHub currently.