«
Expand/Collapse
217 items tagged "data protector"
Related tags:
media operations [+],
hp openview [+],
code revision [+],
data [+],
remote [+],
arbitrary code [+],
secunia [+],
packard [+],
null pointer [+],
client exec [+],
advisory [+],
protector [+],
zdi [+],
service hp [+],
media [+],
exec cmd [+],
exec [+],
enterprise environments [+],
core [+],
service vulnerability [+],
poc [+],
notebook [+],
exec script [+],
code [+],
zero [+],
zero day [+],
remote shell [+],
remote buffer overflow [+],
manager [+],
hp ux [+],
directory traversal vulnerability [+],
vulnerability [+],
security [+],
day [+],
code execution [+],
version 6 [+],
tcp port [+],
target system [+],
shell [+],
security technologies [+],
proof of concept [+],
perl interpreter [+],
multiple message [+],
memory operation [+],
manager. authentication [+],
manager a [+],
malicious attacker [+],
heap corruption [+],
express [+],
exploit [+],
directory traversal [+],
denial [+],
buffer [+],
storage data [+],
bulletin [+],
vulnerabilities [+],
txt [+],
tgz [+],
stack buffer [+],
security advisory [+],
multiple [+],
function [+],
exploits [+],
buffer overflow vulnerability [+],
arbitrary code execution [+],
service [+],
potential security vulnerability [+],
hpsbma [+],
unspecified [+],
server edition [+],
security restrictions [+],
root shell [+],
microsoft windows versions [+],
logbackuplocationstatus [+],
integer overflow [+],
get [+],
execution [+],
dbserver [+],
code security [+],
cell [+],
bugtraq [+],
attacker [+],
tcp port 80 [+],
hpsbmu [+],
safer use [+],
denial of service [+],
storage [+],
openview [+],
security vulnerabilities [+],
client [+],
initiative [+],
denial of service dos [+]
-
-
23:49
»
Packet Storm Security Advisories
Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Data Protector Express, which can be exploited by malicious people to compromise a vulnerable system.
-
-
15:37
»
Packet Storm Security Advisories
HP Security Bulletin HPSBMU02739 SSRT100280 2 - A potential security vulnerability has been identified with HP Data Protector Storage Media Operations (SMO). This vulnerability could be remotely exploited to allow execution of arbitrary code. Revision 2 of this advisory.
-
15:37
»
Packet Storm Security Recent Files
HP Security Bulletin HPSBMU02739 SSRT100280 2 - A potential security vulnerability has been identified with HP Data Protector Storage Media Operations (SMO). This vulnerability could be remotely exploited to allow execution of arbitrary code. Revision 2 of this advisory.
-
15:37
»
Packet Storm Security Misc. Files
HP Security Bulletin HPSBMU02739 SSRT100280 2 - A potential security vulnerability has been identified with HP Data Protector Storage Media Operations (SMO). This vulnerability could be remotely exploited to allow execution of arbitrary code. Revision 2 of this advisory.
-
15:07
»
Packet Storm Security Exploits
This exploit abuses a vulnerability in the HP Data Protector service. This flaw allows an unauthenticated attacker to take advantage of the EXEC_CMD command and traverse back to /bin/sh, this allows arbitrary remote code execution under the context of root.
-
15:07
»
Packet Storm Security Recent Files
This exploit abuses a vulnerability in the HP Data Protector service. This flaw allows an unauthenticated attacker to take advantage of the EXEC_CMD command and traverse back to /bin/sh, this allows arbitrary remote code execution under the context of root.
-
15:07
»
Packet Storm Security Misc. Files
This exploit abuses a vulnerability in the HP Data Protector service. This flaw allows an unauthenticated attacker to take advantage of the EXEC_CMD command and traverse back to /bin/sh, this allows arbitrary remote code execution under the context of root.
-
-
16:34
»
Packet Storm Security Advisories
HP Security Bulletin HPSBMU02739 SSRT100280 - A potential security vulnerability has been identified with HP Data Protector Media Operations. This vulnerabilities could be remotely exploited to allow execution of arbitrary code. Revision 1 of this advisory.
-
16:34
»
Packet Storm Security Recent Files
HP Security Bulletin HPSBMU02739 SSRT100280 - A potential security vulnerability has been identified with HP Data Protector Media Operations. This vulnerabilities could be remotely exploited to allow execution of arbitrary code. Revision 1 of this advisory.
-
16:34
»
Packet Storm Security Misc. Files
HP Security Bulletin HPSBMU02739 SSRT100280 - A potential security vulnerability has been identified with HP Data Protector Media Operations. This vulnerabilities could be remotely exploited to allow execution of arbitrary code. Revision 1 of this advisory.
-
-
15:34
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
17:14
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
17:14
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
17:09
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
16:59
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
16:54
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
16:54
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
17:54
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-327 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogBackupLocationStatus which does not properly validate or sanitize the backupLocationStatus field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:54
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-327 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogBackupLocationStatus which does not properly validate or sanitize the backupLocationStatus field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:54
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-327 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogBackupLocationStatus which does not properly validate or sanitize the backupLocationStatus field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:53
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-326 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogClientInstallation which does not properly validate or sanitize the userid field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:53
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-326 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogClientInstallation which does not properly validate or sanitize the userid field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:48
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-325 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method GetPolicies which does not properly validate or sanitize the clientVersion field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:48
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-325 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method GetPolicies which does not properly validate or sanitize the clientVersion field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:48
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-325 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method GetPolicies which does not properly validate or sanitize the clientVersion field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:39
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-324 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method RequestCopy which does not properly validate or sanitize the type field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:39
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-324 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method RequestCopy which does not properly validate or sanitize the type field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:39
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-324 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method RequestCopy which does not properly validate or sanitize the type field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:38
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-323 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogClientHealth which does not properly validate or sanitize the clientHealth field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:38
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-323 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogClientHealth which does not properly validate or sanitize the clientHealth field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:35
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-322 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogCopyOperation which does not properly validate or sanitize the copyStatus field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:35
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-322 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogCopyOperation which does not properly validate or sanitize the copyStatus field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:35
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-322 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogCopyOperation which does not properly validate or sanitize the copyStatus field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:35
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-321 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method FinishedCopy which does not properly validate or sanitize the type field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:35
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-321 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method FinishedCopy which does not properly validate or sanitize the type field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:35
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-321 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method FinishedCopy which does not properly validate or sanitize the type field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
-
8:31
»
Packet Storm Security Exploits
HP Data Protector Media Operations versions 6.20 and below suffer from a directory traversal vulnerability. Proof of concept included.
-
-
15:43
»
Packet Storm Security Advisories
HP Security Bulletin HPSBMU02716 SSRT100651 - Potential security vulnerabilities has been identified with HP Data Protector Notebook Extension. These vulnerabilities could be remotely exploited to allow execution of arbitrary code. Revision 1 of this advisory.
-
15:43
»
Packet Storm Security Recent Files
HP Security Bulletin HPSBMU02716 SSRT100651 - Potential security vulnerabilities has been identified with HP Data Protector Notebook Extension. These vulnerabilities could be remotely exploited to allow execution of arbitrary code. Revision 1 of this advisory.
-
15:43
»
Packet Storm Security Misc. Files
HP Security Bulletin HPSBMU02716 SSRT100651 - Potential security vulnerabilities has been identified with HP Data Protector Notebook Extension. These vulnerabilities could be remotely exploited to allow execution of arbitrary code. Revision 1 of this advisory.
-
-
19:03
»
Packet Storm Security Advisories
Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Data Protector, which can be exploited by malicious people to compromise a vulnerable system.
-
-
18:04
»
SecuriTeam
Potential security vulnerabilities has been identified with HP OpenView Storage Data Protector.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
18:04
»
SecuriTeam
Potential security vulnerabilities have been identified with HP OpenView Storage Data Protector.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
17:04
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
16:59
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
16:59
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
19:09
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
19:09
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
18:29
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
19:28
»
Packet Storm Security Advisories
HP Security Bulletin HPSBMU02669 SSRT100346 3 - A potential security vulnerability has been identified with HP Data Protector's Media Management Daemon (mmd). The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 3 of this advisory.
-
19:28
»
Packet Storm Security Recent Files
HP Security Bulletin HPSBMU02669 SSRT100346 3 - A potential security vulnerability has been identified with HP Data Protector's Media Management Daemon (mmd). The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 3 of this advisory.
-
19:28
»
Packet Storm Security Misc. Files
HP Security Bulletin HPSBMU02669 SSRT100346 3 - A potential security vulnerability has been identified with HP Data Protector's Media Management Daemon (mmd). The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 3 of this advisory.
-
15:00
»
SecurityFocus Vulnerabilities
[security bulletin] HPSBMU02669 SSRT100346 rev.3 - HP Data Protector Media Management Daemon (mmd), Remote Denial of Service (DoS)
-
-
19:14
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
15:22
»
Packet Storm Security Advisories
HP Security Bulletin HPSBMU02686 SSRT100541 3 - Potential security vulnerabilities has been identified with HP OpenView Storage Data Protector. These vulnerabilities could be remotely exploited to execute arbitrary code. Revision 3 of this advisory.
-
15:22
»
Packet Storm Security Recent Files
HP Security Bulletin HPSBMU02686 SSRT100541 3 - Potential security vulnerabilities has been identified with HP OpenView Storage Data Protector. These vulnerabilities could be remotely exploited to execute arbitrary code. Revision 3 of this advisory.
-
15:22
»
Packet Storm Security Misc. Files
HP Security Bulletin HPSBMU02686 SSRT100541 3 - Potential security vulnerabilities has been identified with HP OpenView Storage Data Protector. These vulnerabilities could be remotely exploited to execute arbitrary code. Revision 3 of this advisory.
-
-
23:15
»
Packet Storm Security Exploits
Core Security Technologies Advisory - HP Data Protector is an automated backup and recovery software for single-server to enterprise environments. A vulnerability in HP Data Protector could allow a remote attacker to execute arbitrary code. The vulnerability is triggered by sending a request to port 5555 of a host running the "data protector inet" service, part of HP Data Protector.
-
23:15
»
Packet Storm Security Recent Files
Core Security Technologies Advisory - HP Data Protector is an automated backup and recovery software for single-server to enterprise environments. A vulnerability in HP Data Protector could allow a remote attacker to execute arbitrary code. The vulnerability is triggered by sending a request to port 5555 of a host running the "data protector inet" service, part of HP Data Protector.
-
23:15
»
Packet Storm Security Misc. Files
Core Security Technologies Advisory - HP Data Protector is an automated backup and recovery software for single-server to enterprise environments. A vulnerability in HP Data Protector could allow a remote attacker to execute arbitrary code. The vulnerability is triggered by sending a request to port 5555 of a host running the "data protector inet" service, part of HP Data Protector.
-
23:08
»
Packet Storm Security Exploits
Core Security Technologies Advisory - HP Data Protector is an automated backup and recovery software for single-server to enterprise environments. Multiple vulnerabilities have been found in HP Data Protector that could allow a remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered by sending a request to port 5555 of a host running the "data protector inet" service, part of HP Data Protector. The request has several parameters, including an opcode. By sending requests with specially crafted parameters, the different bugs can be triggered.
-
23:08
»
Packet Storm Security Recent Files
Core Security Technologies Advisory - HP Data Protector is an automated backup and recovery software for single-server to enterprise environments. Multiple vulnerabilities have been found in HP Data Protector that could allow a remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered by sending a request to port 5555 of a host running the "data protector inet" service, part of HP Data Protector. The request has several parameters, including an opcode. By sending requests with specially crafted parameters, the different bugs can be triggered.
-
23:08
»
Packet Storm Security Misc. Files
Core Security Technologies Advisory - HP Data Protector is an automated backup and recovery software for single-server to enterprise environments. Multiple vulnerabilities have been found in HP Data Protector that could allow a remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered by sending a request to port 5555 of a host running the "data protector inet" service, part of HP Data Protector. The request has several parameters, including an opcode. By sending requests with specially crafted parameters, the different bugs can be triggered.
-
2:00
»
Packet Storm Security Advisories
Secunia Security Advisory - Two vulnerabilities have been reported in HP OpenView Storage Data Protector, which can be exploited by malicious people to compromise a vulnerable system.
-
-
0:01
»
Packet Storm Security Advisories
Secunia Security Advisory - A vulnerability has been reported in HP OpenView Storage Data Protector, which can be exploited by malicious people to compromise a vulnerable system.
-
-
8:19
»
Packet Storm Security Advisories
HP Security Bulletin HPSBMA02631 SSRT100324 - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
-
8:19
»
Packet Storm Security Recent Files
HP Security Bulletin HPSBMA02631 SSRT100324 - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
-
8:19
»
Packet Storm Security Misc. Files
HP Security Bulletin HPSBMA02631 SSRT100324 - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
-
-
1:35
»
Packet Storm Security Advisories
Secunia Security Advisory - Multiple vulnerabilities have been reported in HP OpenView Storage Data Protector, which can be exploited by malicious people to compromise a vulnerable system.
-
-
14:22
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-152 - This vulnerability allows remote attackers directory traversal on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient sanitization on user-supplied data when handling certain messages. Remote, unauthenticated attackers can exploit this vulnerability by sending crafted filename strings to the target, which would allow attackers to view or download arbitrary files on the target system.
-
14:22
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-152 - This vulnerability allows remote attackers directory traversal on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient sanitization on user-supplied data when handling certain messages. Remote, unauthenticated attackers can exploit this vulnerability by sending crafted filename strings to the target, which would allow attackers to view or download arbitrary files on the target system.
-
14:22
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-152 - This vulnerability allows remote attackers directory traversal on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient sanitization on user-supplied data when handling certain messages. Remote, unauthenticated attackers can exploit this vulnerability by sending crafted filename strings to the target, which would allow attackers to view or download arbitrary files on the target system.
-
14:15
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-151 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed bm message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
14:15
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-151 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed bm message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
14:15
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-151 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed bm message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
14:15
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-150 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed omniiaputil message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
14:15
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-150 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed omniiaputil message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
14:15
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-150 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed omniiaputil message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
14:10
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-149 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed HPFGConfig message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
14:10
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-149 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed HPFGConfig message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
14:10
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-149 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed HPFGConfig message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
14:05
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-148 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed stutil message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
14:05
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-148 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed stutil message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
14:05
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-148 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed stutil message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
13:35
»
Packet Storm Security Advisories
HP Security Bulletin HPSBMA02668 SSRT100474 - Potential security vulnerabilities have been identified with HP OpenView Storage Data Protector. These vulnerabilities could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
-
13:35
»
Packet Storm Security Recent Files
HP Security Bulletin HPSBMA02668 SSRT100474 - Potential security vulnerabilities have been identified with HP OpenView Storage Data Protector. These vulnerabilities could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
-
13:35
»
Packet Storm Security Misc. Files
HP Security Bulletin HPSBMA02668 SSRT100474 - Potential security vulnerabilities have been identified with HP OpenView Storage Data Protector. These vulnerabilities could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
-
13:35
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-147 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed EXEC_INTEGUTIL message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
13:35
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-147 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed EXEC_INTEGUTIL message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
13:35
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-147 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed EXEC_INTEGUTIL message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
13:35
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-146 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed EXEC_SCRIPT message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
13:35
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-146 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed EXEC_SCRIPT message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
13:35
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-146 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed EXEC_SCRIPT message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
13:35
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-145 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed GET_FILE message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
13:35
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-145 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed GET_FILE message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
13:35
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-145 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed GET_FILE message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
13:34
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-144 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed EXEC_BAR message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
13:34
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-144 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed EXEC_BAR message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
13:34
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-144 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed EXEC_BAR message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
-
13:22
»
Packet Storm Security Advisories
HP Security Bulletin HPSBMA02654 SSRT100441 - Potential security vulnerabilities has been identified with HP OpenView Storage Data Protector. These vulnerabilities could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
-
13:22
»
Packet Storm Security Recent Files
HP Security Bulletin HPSBMA02654 SSRT100441 - Potential security vulnerabilities has been identified with HP OpenView Storage Data Protector. These vulnerabilities could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
-
13:22
»
Packet Storm Security Misc. Files
HP Security Bulletin HPSBMA02654 SSRT100441 - Potential security vulnerabilities has been identified with HP OpenView Storage Data Protector. These vulnerabilities could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
-
-
19:50
»
SecuriTeam
This vulnerability allows an attacker to execute remote code on vulnerable installations of Hewlett-Packard Data Protector.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
19:50
»
SecuriTeam
This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packard Data Protector client.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
19:50
»
SecuriTeam
This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packard Data Protector client.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
19:49
»
SecuriTeam
This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packard Data Protector client.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
20:10
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Cell Manager.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
11:16
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-112 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DBServer.exe process which listens by default on TCP port 19813. While parsing a request, the process trusts a user-supplied 32-bit length value and uses it within a memory operation. By specifying large enough values in a packet sent to the service, a remote attacker can execute arbitrary code under the context of the SYSTEM user.
-
11:16
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-112 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DBServer.exe process which listens by default on TCP port 19813. While parsing a request, the process trusts a user-supplied 32-bit length value and uses it within a memory operation. By specifying large enough values in a packet sent to the service, a remote attacker can execute arbitrary code under the context of the SYSTEM user.
-
11:16
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-112 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DBServer.exe process which listens by default on TCP port 19813. While parsing a request, the process trusts a user-supplied 32-bit length value and uses it within a memory operation. By specifying large enough values in a packet sent to the service, a remote attacker can execute arbitrary code under the context of the SYSTEM user.
-
-
21:05
»
SecuriTeam
A potential security vulnerability has been identified with HP OpenView Storage Data Protector.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
0:49
»
Packet Storm Security Advisories
Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Data Protector, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.
-
-
12:11
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-057 - This vulnerability allows an attacker to execute remote code on vulnerable installations of Hewlett-Packard Data Protector. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Cell Manager Service which listens by default on a random TCP port. The crs.exe process fails to properly validate supplied username, domain, and hostname credentials. A remote attacker can leverage this flaw to execute code on all Data Protector clients.
-
12:11
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-057 - This vulnerability allows an attacker to execute remote code on vulnerable installations of Hewlett-Packard Data Protector. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Cell Manager Service which listens by default on a random TCP port. The crs.exe process fails to properly validate supplied username, domain, and hostname credentials. A remote attacker can leverage this flaw to execute code on all Data Protector clients.
-
12:11
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-057 - This vulnerability allows an attacker to execute remote code on vulnerable installations of Hewlett-Packard Data Protector. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Cell Manager Service which listens by default on a random TCP port. The crs.exe process fails to properly validate supplied username, domain, and hostname credentials. A remote attacker can leverage this flaw to execute code on all Data Protector clients.
-
10:34
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-056 - This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packard Data Protector client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the implementation of the EXEC_SETUP command. This command instructs a Data Protector client to download and execute a setup file. A malicious attacker can instruct the client to access a file off of a share thus executing arbitrary code under the context of the current user.
-
10:34
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-056 - This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packard Data Protector client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the implementation of the EXEC_SETUP command. This command instructs a Data Protector client to download and execute a setup file. A malicious attacker can instruct the client to access a file off of a share thus executing arbitrary code under the context of the current user.
-
10:34
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-056 - This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packard Data Protector client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the implementation of the EXEC_SETUP command. This command instructs a Data Protector client to download and execute a setup file. A malicious attacker can instruct the client to access a file off of a share thus executing arbitrary code under the context of the current user.
-
8:45
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-055 - This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packard Data Protector client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the filtering of arguments to the EXEC_CMD command. The Data Protector client allows remote connections to execute files within it's local bin directory. By supplying maliciously crafted input to the EXEC_CMD a remote attacker can interact with a Perl interpreter and execute arbitrary code under the context of the current user.
-
8:45
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-055 - This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packard Data Protector client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the filtering of arguments to the EXEC_CMD command. The Data Protector client allows remote connections to execute files within it's local bin directory. By supplying maliciously crafted input to the EXEC_CMD a remote attacker can interact with a Perl interpreter and execute arbitrary code under the context of the current user.
-
8:45
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-055 - This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packard Data Protector client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the filtering of arguments to the EXEC_CMD command. The Data Protector client allows remote connections to execute files within it's local bin directory. By supplying maliciously crafted input to the EXEC_CMD a remote attacker can interact with a Perl interpreter and execute arbitrary code under the context of the current user.
-
8:30
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-054 - This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packard Data Protector client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the filtering of the EXEC_CMD command. The Data Protector client only verifies file names, not their contents. By supplying malicious code within specific script files, arbitrary code execution is possible under the context of the current user.
-
8:30
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-054 - This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packard Data Protector client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the filtering of the EXEC_CMD command. The Data Protector client only verifies file names, not their contents. By supplying malicious code within specific script files, arbitrary code execution is possible under the context of the current user.
-
8:30
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-054 - This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packard Data Protector client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the filtering of the EXEC_CMD command. The Data Protector client only verifies file names, not their contents. By supplying malicious code within specific script files, arbitrary code execution is possible under the context of the current user.
-
-
19:32
»
Packet Storm Security Advisories
HP Security Bulletin HPSBMA02626 SSRT100301 - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 1 of this advisory.
-
19:32
»
Packet Storm Security Recent Files
HP Security Bulletin HPSBMA02626 SSRT100301 - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 1 of this advisory.
-
19:32
»
Packet Storm Security Misc. Files
HP Security Bulletin HPSBMA02626 SSRT100301 - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 1 of this advisory.
-
-
18:30
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-024 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Cell Manager. Authentication is not required to exploit these vulnerabilities. The specific flaws exist within the crs.exe process which listens on a random TCP port. The process fails to properly handle multiple message types and copies user-supplied data into fixed-length buffers. A remote attacker can abuse this to execute remote code under the context of the SYSTEM user.
-
18:30
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-024 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Cell Manager. Authentication is not required to exploit these vulnerabilities. The specific flaws exist within the crs.exe process which listens on a random TCP port. The process fails to properly handle multiple message types and copies user-supplied data into fixed-length buffers. A remote attacker can abuse this to execute remote code under the context of the SYSTEM user.
-
18:30
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-024 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Cell Manager. Authentication is not required to exploit these vulnerabilities. The specific flaws exist within the crs.exe process which listens on a random TCP port. The process fails to properly handle multiple message types and copies user-supplied data into fixed-length buffers. A remote attacker can abuse this to execute remote code under the context of the SYSTEM user.
-
18:15
»
Packet Storm Security Advisories
HP Security Bulletin HPSBMA02625 SSRT100138 - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
-
18:15
»
Packet Storm Security Recent Files
HP Security Bulletin HPSBMA02625 SSRT100138 - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
-
18:15
»
Packet Storm Security Misc. Files
HP Security Bulletin HPSBMA02625 SSRT100138 - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
-
-
21:47
»
Packet Storm Security Advisories
Secunia Security Advisory - A vulnerability has been reported in HP OpenView Storage Data Protector, which can be exploited by malicious people to compromise a vulnerable system.
-
-
12:53
»
SecuriTeam
This vulnerability allows remote attackers to trigger a denial of service condition on vulnerable installations of Hewlett-Packard Data Protector.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
12:53
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
19:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-174 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the function DtbClsLogin defined in the module dpwindtb.dll on Windows and libdplindtb.so on Linux. This function takes user supplied input and copies it directly to a stack buffer. By providing a large enough string this buffer can be overrun and may result in arbitrary code execution dependent on the underlying operating system.
-
19:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-174 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the function DtbClsLogin defined in the module dpwindtb.dll on Windows and libdplindtb.so on Linux. This function takes user supplied input and copies it directly to a stack buffer. By providing a large enough string this buffer can be overrun and may result in arbitrary code execution dependent on the underlying operating system.
-
-
13:01
»
Packet Storm Security Recent Files
HP Security Bulletin - A potential security vulnerability has been identified with HP Data Protector Express 3.x and 4.x and HP Data Protector Express Single Server Edition (SSE) 3.x and 4.x running on supported Microsoft Windows, Linux, and NetWare versions. The vulnerability could be exploited locally to create a Denial of Service (DoS) or to execute arbitrary code.
-
13:00
»
Packet Storm Security Advisories
HP Security Bulletin - A potential security vulnerability has been identified with HP Data Protector Express 3.x and 4.x and HP Data Protector Express Single Server Edition (SSE) 3.x and 4.x running on supported Microsoft Windows, Linux, and NetWare versions. The vulnerability could be exploited locally to create a Denial of Service (DoS) or to execute arbitrary code.
-
12:00
»
Packet Storm Security Advisories
HP Security Bulletin - A potential security vulnerability has been identified with HP Data Protector Express 3.x and 4.x and HP Data Protector Express Single Server Edition (SSE) 3.x and 4.x running on supported Microsoft Windows versions. The vulnerability could be exploited locally to create a Denial of Service (DoS) or to execute arbitrary code.
-
-
9:01
»
SecurityFocus Vulnerabilities
[security bulletin] HPSBMA02576 SSRT090231 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code
-
8:00
»
SecurityFocus Vulnerabilities
[security bulletin] HPSBMA02516 SSRT090232 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local
-
-
12:00
»
SecurityFocus Vulnerabilities
[security bulletin] HPSBMA02502 SSRT090171 rev.1 - HP OpenView Storage Data Protector, Local Unauthorized Access
-
-
12:00
»
Packet Storm Security Advisories
HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be exploited to gain unauthorized access.
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
Bugtraq
XSSed
Sophos security news
Penetration Testing
BackTrack Linux Forums
Threatpost
SecDocs
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Hack a Day
Wirevolution