CVE-2011-0923

The client in HP Data Protector does not properly validate EXECCMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."...

CVE-2011-0924

The client in HP Data Protector does not verify the contents of files associated with the EXECCMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omnichkds.sh...

Command injection

The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXECSETUP command that references a UNC share pathname...

Code injection

crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the...

Command injection

The client in HP Data Protector does not properly validate EXECCMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."...

Design/Logic Flaw

The client in HP Data Protector does not verify the contents of files associated with the EXECCMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omnichkds.sh...

CVE-2011-0922

The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXECSETUP command that references a UNC share pathname...

CVE-2011-0923

The client in HP Data Protector does not properly validate EXECCMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."...

CVE-2011-0924

The client in HP Data Protector does not verify the contents of files associated with the EXECCMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omnichkds.sh...

CVE-2011-0924

HP OpenView Storage Data Protector (Data Protector) client vulnerable via the EXEC_CMD handling: it does not verify file contents, allowing remote code execution by embedding malicious code in a file and using a trusted filename (e.g., omni_chk_ds.sh). Affected versions include Data Protector v6....

CVE-2011-0923

HP Data Protector 6.1 contains a remote code execution flaw in the omniinet service treated via EXEC_CMD handling. A crafted EXEC_CMD packet can cause the process to interpret user-supplied input as part of a filename, leading to arbitrary command execution (notably via perl.exe in {install_path}...

CVE-2011-0921

The CVE-2011-0921 issue affects HP OpenView Storage Data Protector, specifically the CRs.exe Cell Manager Service in the client. The vulnerability arises from improper validation of credentials tied to hostname, domain, and username, permitting remote execution of arbitrary code by sending data o...

CVE-2011-0922

Summary: CVE-2011-0922 affects HP Data Protector Client. A vulnerability in processing the EXEC_SETUP (and related EXEC_CMD/INSTALL/EXEC_SETUP) messages allows a remote attacker to force the client to load and execute arbitrary programs from a remote SMB share, enabling remote code execution. The...

(0Day) Hewlett-Packard Data Protector Client EXEC_SETUP Remote Code Execution Vulnerability

This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packard Data Protector client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the implementation of the EXECSETUP command. This command instruct...

(0Day) Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability

This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packard Data Protector client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the filtering of the EXECCMD command. The Data Protector client on...

(0Day) Hewlett-Packard Data Protector Cell Manager Service Authentication Bypass Vulnerability

This vulnerability allows an attacker to execute remote code on vulnerable installations of Hewlett-Packard Data Protector. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Cell Manager Service which listens by default on a random TCP port. The...

(0Day) Hewlett-Packard Data Protector Client EXEC_CMD Perl Remote Code Execution Vulnerability

This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packard Data Protector client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the filtering of arguments to the EXECCMD command. The Data...

CVE-2011-0275

Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 allows remote attackers to cause a denial of service via unknown vectors...

Code injection

Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 allows remote attackers to cause a denial of service via unknown vectors...

CVE-2011-0275

HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 are affected by a remote denial-of-service vulnerability. The HP Security Bulletin HPSBMA02626 SSRT100301 rev.1 provides patches for Windows variants: DPWIN_00475 (DP 6.11), DPWIN_00489 (DP 6.10), and DPWIN_00488 (DP 6.00). CVSS 2.0 Base Scor...