Update Protection against HP Data Protector OmniInet Service Null Dereference Denial of Service

A denial of service vulnerability exists in HP Data Protector OmniInet Service, one of the processes of the HP OpenView Storage Data Protector. Remote attackers could exploit this vulnerability by sending a maliciously crafted request to the target server. Successful exploitation could result in ...

HP Data Protector Client agent EXEC_SETUP code execution

Added: 03/03/2011 CVE: CVE-2011-0922 BID: 46234 OSVDB: 72525 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem The backup agent provided by the Data Protector Backup Client Service may be instructed to execute a setup file from...

HP Data Protector Client agent EXEC_SETUP code execution

Added: 03/03/2011 CVE: CVE-2011-0922 BID: 46234 OSVDB: 72525 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem The backup agent provided by the Data Protector Backup Client Service may be instructed to execute a setup file from...

HP Data Protector Client agent EXEC_SETUP code execution

Added: 03/03/2011 CVE: CVE-2011-0922 BID: 46234 OSVDB: 72525 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem The backup agent provided by the Data Protector Backup Client Service may be instructed to execute a setup file from...

HP Data Protector Client agent EXEC_SETUP code execution

Added: 03/03/2011 CVE: CVE-2011-0922 BID: 46234 OSVDB: 72525 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem The backup agent provided by the Data Protector Backup Client Service may be instructed to execute a setup file from...

HP Data Protector Manager RDS Denial of Service

HP OpenView Storage Data Protector is a backup solution tailored for enterprise and distributed environments. The Data Protector environment consists of a Cell Manager, backup agents, and backup device servers. The Raima Database Server process RDS.EXE runs on the Data Protector Cell Manager and...

ZDI-11-055: Hewlett-Packard Data Protector Client EXEC_CMD Perl Remote Code Execution Vulnerability

ZDI-11-055: Hewlett-Packard Data Protector Client EXECCMD Perl Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-055 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view...

ZDI-11-056: Hewlett-Packard Data Protector Client EXEC_SETUP Remote Code Execution Vulnerability

ZDI-11-056: Hewlett-Packard Data Protector Client EXECSETUP Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-056 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations...

ZDI-11-054: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability

ZDI-11-054: Hewlett-Packard Data Protector Client EXECCMD omnichkds.sh Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-054 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view...

ZDI-11-057: Hewlett-Packard Data Protector Cell Manager Service Authentication Bypass Vulnerability

ZDI-11-057: Hewlett-Packard Data Protector Cell Manager Service Authentication Bypass Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-057 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view...

CVE-2011-0922

The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXECSETUP command that references a UNC share pathname...

CVE-2011-0921

crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the...

CVE-2011-0924

The client in HP Data Protector does not verify the contents of files associated with the EXECCMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omnichkds.sh...

CVE-2011-0923

The client in HP Data Protector does not properly validate EXECCMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."...

Design/Logic Flaw

The client in HP Data Protector does not verify the contents of files associated with the EXECCMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omnichkds.sh...

Code injection

crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the...

Command injection

The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXECSETUP command that references a UNC share pathname...

Command injection

The client in HP Data Protector does not properly validate EXECCMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."...

CVE-2011-0922

The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXECSETUP command that references a UNC share pathname...

CVE-2011-0923

The client in HP Data Protector does not properly validate EXECCMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."...