Description
dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp.
Remediation
References
Related Vulnerabilities
Oracle HTTP Server Other Vulnerability (CVE-2004-2115)
WordPress Plugin New Year Firework Cross-Site Scripting (1.1.9)
Atlassian Jira Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-6619)
WordPress Plugin Efence Multiple Cross-Site Scripting Vulnerabilities (1.3.2)
Ruby on Rails Memory Allocation with Excessive Size Value Vulnerability (CVE-2026-33174)