mirror of
https://github.com/0xMarcio/cve.git
synced 2026-02-13 03:02:49 +00:00
765 B
765 B
CVE-2016-2346
Description
Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream.
POC
Reference
- http://www.kb.cert.org/vuls/id/229047
- https://adamcaudill.com/2016/02/02/plsql-developer-nonexistent-encryption/
Github
No PoCs found on GitHub currently.