CVE-2003-0727

Exploitation Summary

EIP tracks 9 public exploits for CVE-2003-0727. PoCs published by Metasploit, y0, David Litchfield, including Metasploit module exploits/windows/http/oracle9i_xdb_pass.

AI-analyzed exploit summary This exploit targets a stack-based buffer overflow in Oracle 9i XDB FTP via the UNLOCK command. It leverages a SEH overwrite to achieve remote code execution on Windows systems.

Description

Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions.

Exploits (9)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows_x86

https://www.exploit-db.com/exploits/16714

View Code ZIP pw:eip

This exploit targets a stack-based buffer overflow in Oracle 9i XDB FTP via the UNLOCK command. It leverages a SEH overwrite to achieve remote code execution on Windows systems.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Oracle 9i XDB FTP (9.2.0.1)

Auth required

Prerequisites: Network access to Oracle XDB FTP service (port 2100) · Valid credentials (default or known)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows_x86

https://www.exploit-db.com/exploits/16809

View Code ZIP pw:eip

This exploit targets a stack buffer overflow in Oracle 9i XDB HTTP service via a maliciously crafted Authorization header. It leverages a known return address to execute arbitrary payloads, achieving remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Oracle 9i XDB (9.2.0.1)

No auth needed

Prerequisites: Network access to Oracle XDB HTTP service (port 8080) · Target running Oracle 9i XDB version 9.2.0.1

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows_x86

https://www.exploit-db.com/exploits/16731

View Code ZIP pw:eip

This exploit targets a stack-based buffer overflow in Oracle 9i XDB FTP server via an overly long PASS command. It leverages a known return address in oraclient9.dll to execute arbitrary payloads on Windows systems.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Oracle 9i XDB FTP Server 9.2.0.1

No auth needed

Prerequisites: Network access to Oracle XDB FTP service on port 2100 · Target running Oracle 9.2.0.1 on Windows

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by y0 · remotewindows

https://www.exploit-db.com/exploits/1365

View Code ZIP pw:eip

This is a Metasploit module exploiting a stack overflow in Oracle 9i XDB HTTP service via a malformed Authorization header. It targets Windows systems and delivers a payload for remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Oracle 9i XDB HTTP service (9.2.0.1)

No auth needed

Prerequisites: Network access to Oracle 9i XDB HTTP service (port 8080 by default) · Vulnerable Oracle 9i version (9.2.0.1)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by David Litchfield · cremotewindows

https://www.exploit-db.com/exploits/80

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Oracle XDB FTP Service via the UNLOCK command. It sends a crafted payload to spawn a reverse shell to a specified IP and port.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Oracle XDB FTP Service (version not specified)

Auth required

Prerequisites: Network access to the target Oracle XDB FTP Service · Valid credentials for authentication

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by Charles Dardaman · pythonremotewindows

https://www.exploit-db.com/exploits/42780

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Oracle 9i XDB HTTP PASS. It sends a maliciously crafted HTTP request with an oversized 'Authorization' header containing shellcode to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Oracle 9i XDB HTTP PASS (version 9.2.0.1)

No auth needed

Prerequisites: Network access to the target Oracle 9i XDB HTTP service · Target service must be running on Windows 2000 SP4

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC GREAT

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/oracle9i_xdb_pass.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in Oracle 9i XDB HTTP service via a malformed Authorization header. It targets Oracle 9.2.0.1 and delivers a payload to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Oracle 9i XDB HTTP Service (9.2.0.1)

No auth needed

Prerequisites: Network access to Oracle XDB HTTP service (port 8080) · Vulnerable Oracle 9i version (9.2.0.1)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC GREAT

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/oracle9i_xdb_ftp_pass.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in Oracle 9i XDB FTP service via an overly long PASS command. It targets Oracle 9.2.0.1 on Windows, using a return address from oraclient9.dll to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Oracle 9i XDB FTP (9.2.0.1)

No auth needed

Prerequisites: Network access to Oracle XDB FTP service (port 2100) · Target running Oracle 9.2.0.1 on Windows

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC GREAT

by MC · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/oracle9i_xdb_ftp_unlock.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in Oracle 9i XDB FTP via the UNLOCK command. It leverages SEH overwrites to achieve remote code execution on Windows systems.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Oracle 9i XDB FTP (9.2.0.1)

Auth required

Prerequisites: Network access to Oracle XDB FTP service (port 2100) · Valid credentials (default accounts like DBSNMP/DBSNMP)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Various Sources x_refsource_confirm

http://otn.oracle.com/deploy/security/pdf/2003Alert58.pdf

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42780/

Oracle 9i Database Release 2 - Buffer Overflow

Exploitation Summary

Description

Exploits (9)

References (2)

Scores

Details