Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'.Referenceshttp://www.securityfocus.com/bid/1053http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0211.html
