HP Data Protector Opcode 305 Directory Traversal (CVE-2014-5160)

A directory traversal vulnerability exists in HP Data Protector. The vulnerability is due to a lack of input sanitization of a file name provided with Opcode 305. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable service. Successful...

HP Data Protector EXEC_INTEGUTIL Remote Code Execution

This exploit abuses a vulnerability in the HP Data Protector. The vulnerability exists in the Backup client service, which listens by default on TCP/5555. The EXECINTEGUTIL request allows to execute arbitrary commands from a restricted directory. Since it includes a perl executable, it's possible...

HP Data Protector Opcode 1091 Directory Traversal (CVE-2014-5160)

A directory traversal vulnerability exists in HP Data Protector. The vulnerability is due to a lack of input sanitization allowing an attacker to create arbitrary files. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable service...

(0Day) Hewlett-Packard Data Protector omnidlc Buffer Overflow Remote Code Execution Vulnerabililty

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within omnidlc.exe which can be called via crs.exe. The issue lies in the...

(0Day) Hewlett-Packard Data Protector EXEC_INTEGUTIL Remote Command Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within specifically crafted EXECINTEGUTIL messages. A remote attacker can inje...

HP Data Protector Opcode 28 and 11 Command Execution (CVE-2013-2347; CVE-2014-2623)

A command execution vulnerability exists in Hewlett-Packard Data Protector. The vulnerability is due to a design weakness when handling requests to port 5555. A remote attacker can exploit this vulnerability by sending crafted packets to the target service. Successful exploitation could lead to...

CVE-2014-5160

Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavi...

CVE-2014-5160

HP Data Protector’s Cell Request Service crs.exe is affected by two directory traversal vulnerabilities (opcode 1091 and 305). The flaws allow remote, unauthenticated attackers to write or delete arbitrary files, with potential code execution in the service context. Affected component is crs.exe ...

CVE-2014-5160

Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavi...

PT-2014-6308 · Hewlett Packard · Hp Data Protector

Name of the Vulnerable Software and Affected Versions: HP Data Protector affected versions not specified Description: The issue allows remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. The vendor reportedly assert...

(0Day) Hewlett-Packard Data Protector Cell Request Service Opcode 1091 Directory Traversal Arbitrary File Write Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within crs.exe which listens by default on a random TCP port. When parsing...

(0Day) Hewlett-Packard Data Protector Cell Request Service Opcode 305 Directory Traversal Arbitrary File Creation Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within crs.exe which listens by default on a random TCP port. When parsing...

HP Storage Data Protector code execution

No description provided...

[security bulletin] HPSBMU03072 SSRT101644 rev.1 - HP Data Protector, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04373818 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04373818 Version: 1 HPSBMU03072...

HP Data Protector 8.x Arbitrary Command Execution (HPSBMU03072)

Binary data hpdataprotectorhpsbmu03072.nbin...

CVE-2014-2623

Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors...

CVE-2014-2623

CVE-2014-2623 affects HPE Data Protector 8.x (and related 8.x prior to 8.15 and other lines per later notes) where remote code execution is possible due to lack of authentication in the Data Protector components (e.g., OmniInet/agents). Public evidence includes Metasploit and Exploit-DB entries d...

CVE-2014-2623

Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors...

Code injection

Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors...

HP Data Protector Manager 8.10 - Remote Command Execution

No description provided by source. !/usr/bin/python Exploit Title: HP-Data-Protector-8.10 Remote command execution. Date: July 11 2014 Exploit Author: Christian Polunchis Ramirez https://intrusionlabs.org Exploit Author: Henoch Chanoc Barrera https://intrusionlabs.org Contacts:...