HP Data Protector missing authentication

Added: 05/31/2016 CVE: CVE-2016-2004 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem Data Protector does not authenticate users, even with Encrypted Control Communications enabled. This could allow an unauthenticated remote...

HP Data Protector A.09.00 命令执行漏洞

No description provided by source...

HP Data Protector A.09.00 - Arbitrary Command Execution

Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/ Version: A.09.00 and...

HP Data Protector A.09.00 - Arbitrary Command Execution

HP Data Protector A.09.00 - Arbitrary Command Execution !/usr/bin/python Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/ Version: A.09.00 and...

HP Data Protector A.09.00 - Arbitrary Command Execution

!/usr/bin/python Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/ Version: A.09.00 and earlier Tested on: Windows Server 2008 CVE : CVE-2016-20...

The vulnerability of the HPE Data Protector backup tool allows a perpetrator to execute arbitrary code.

The vulnerability of the HPE Data Protector backup tool is related to errors in the code. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code...

The vulnerability of the HPE Data Protector backup tool allows a perpetrator to execute arbitrary code.

The vulnerability of the HPE Data Protector backup tool is related to errors in the code. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code...

The vulnerability of the HPE Data Protector backup tool allows a perpetrator to execute arbitrary code.

The vulnerability of the HPE Data Protector backup tool is related to errors in the code. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code...

HP Data Protector Hard-coded Cryptographic Key (HPSBGN03580)

The HP Data Protector application running on the remote host contains an embedded SSL private key that is shared across all installations. An attacker can exploit this to perform man-in-the-middle attacks against the host or have other potential impacts. %NASLMINLEVEL 70300 C Tenable Network...

HP Data Protector 7.0x < 7.03 build 108 / 8.1x < 8.15 / 9.0x < 9.06 Multiple Vulnerabilities (HPSBGN03580) (Bar Mitzvah)

The version of HP Data Protector installed on the remote host is 7.0x prior to 7.03 build 108, 8.1x prior to 8.15, or 9.0x prior to 9.06. It is, therefore, affected by the following vulnerabilities : - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combinati...

Hewlett Packard Enterprise Data Protector EXEC_BAR Domain Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within OmniInet.exe which listens by default on TCP port 5555. When...

Hewlett Packard Enterprise Data Protector EXEC_SCRIPT Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within OmniInet.exe which listens by default on TCP port 5555. When...

Hewlett Packard Enterprise Data Protector EXEC_BAR User Name Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within OmniInet.exe which listens by default on TCP port 5555. When...

HP Data Protector Multiple Vulnerabilities (Apr 2016)

HP Data Protector is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:hp:dataprotector";...

HP Data Protector 6.10 / 6.11 / 6.20 Install Service

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'HP Data Protector 6.10/6.11/6.20 Install Service', 'Description' = %q This module exploits HP Data Protector Omniinet process o...

HP Data Protector does not perform authentication and contains an embedded SSL private key

Overview The HP Data Protector does not perform user authentication, even when Encrypted Control Communications is enabled, and contains an embedded SSL private key that is shared among all installations. Description CWE-306: Missing Authentication for Critical Function - CVE-2016-2004Data...

CVE-2016-2008

HPE Data Protector before 7.03108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2016-2008

HPE Data Protector before 7.03108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2016-2007

HPE Data Protector before 7.03108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354...

CVE-2016-2007

HPE Data Protector before 7.03108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354...