CVE-2014-0887

Summary: CVE-2014-0887 affects IBM Lotus Protector for Mail Security. The Admin Web UI in the 2.8.x branch (before 2.8.1-22905) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. Affected versions: IBM Lotus Protector for Mail Security 2....

CVE-2014-0885

CVE-2014-0885 affects IBM Lotus Protector for Mail Security, specifically the Admin Web UI in version 2.8.x before 2.8.1-22905. The vulnerability is a Cross-Site Request Forgery (CSRF) that allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. ...

HP Data Protector Backup Client Service EXEC_BAR Packet Vulnerability

Added: 03/21/2014 CVE: CVE-2013-2347 BID: 64647 OSVDB: 101626 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. HP Data Protector's Backup Client Service OmniInet.exe listens on TCP port 5555 for communications between managed systems...

HP Data Protector Backup Client Service EXEC_BAR Packet Vulnerability

Added: 03/21/2014 CVE: CVE-2013-2347 BID: 64647 OSVDB: 101626 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. HP Data Protector's Backup Client Service OmniInet.exe listens on TCP port 5555 for communications between managed systems...

HP Data Protector Backup Client Service EXEC_BAR Packet Vulnerability

Added: 03/21/2014 CVE: CVE-2013-2347 BID: 64647 OSVDB: 101626 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. HP Data Protector's Backup Client Service OmniInet.exe listens on TCP port 5555 for communications between managed systems...

HP Data Protector Backup Client Service EXEC_BAR Packet Vulnerability

Added: 03/21/2014 CVE: CVE-2013-2347 BID: 64647 OSVDB: 101626 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. HP Data Protector's Backup Client Service OmniInet.exe listens on TCP port 5555 for communications between managed systems...

HP Data Protector CRS Multiple Stack Buffer Overflows (CVE-2013-6195)

Multiple stack buffer overflows exist in HP Data Protector. The vulnerabilities are due to a lack of input sanitization on Strings provided with various opcodes. The strings are not validated for length before being copied into a fixed-size stack buffer. A remote unauthenticated attacker could...

HP Data Protector Opcode 45 and 46 Code Execution (CVE-2013-2348)

Multiple vulnerabilities have been reported in HP Data Protector. Both vulnerabilities are due to insufficient input validation on a string supplied with a message containing opcodes 45 or 46. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the...

HP Data Protector EXEC_BAR Command Execution (CVE-2013-2347)

A command execution vulnerability has been reported in HP Data Protector. The vulnerability is due to a lack of input sanitization on a string provided with Opcode 11. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable service...

HP Data Protector Opcode 42 Directory Traversal (CVE-2013-6194)

A directory traversal vulnerability has been reported in HP Data Protector. The vulnerability is due to a lack of input sanitization on a file name provided with Opcode 42. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable service...

HP Data Protector - Backup Client Service Remote Code Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HP Data Protector Backup Client Service Remote Code Execution', 'Description' = %q This module abuses the Backup Client Service...

HP Data Protector Backup Client Service Remote Code Execution Exploit

Exploit for windows platform in category remote exploits require 'msf/core' class Metasploit3 'HP Data Protector Backup Client Service Remote Code Execution', 'Description' = %q This module abuses the Backup Client Service OmniInet.exe to achieve remote code execution. The vulnerability exists in...

HP Data Protector Backup Client Service Remote Code Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HP Data Protector Backup Client Service Remote Code Execution', 'Description' = %q This module abuses the Backup Client Service...

HP Data Protector Backup Client Service Remote Code Execution

This Metasploit module abuses the Backup Client Service OmniInet.exe to achieve remote code execution. The vulnerability exists in the EXECBAR operation, which allows to execute arbitrary processes. This Metasploit module has been tested successfully on HP Data Protector 6.20 on Windows 2003 SP2...

HP Data Protector Backup Client Service Remote Code Execution

This module abuses the Backup Client Service OmniInet.exe to achieve remote code execution. The vulnerability exists in the EXECBAR operation, which allows to execute arbitrary processes. This module has been tested successfully on HP Data Protector 6.20 on Windows 2003 SP2 and Windows 2008 R2...

CoSoSys Endpoint Protector < 4.4.0.1 Unspecified XSS

The version of CoSoSys Endpoint Protector installed on the remote host is prior to 4.4.0.1. It is, therefore, affected by an unspecified cross-site scripting vulnerability. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

HP (OpenView Storage) Data Protector Multiple Vulnerabilities

HP OpenView Storage Data Protector is prone to multiple vulnerabilities. Copyright C 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fre...

HP Data Protector EXEC_BAR Remote Command Execution

The omniinet service, which runs by default on port 5555, is susceptible to numerous remotely exploitable vulnerabilities. By sending a malicious EXECBAR packet opcode 11, a remote attacker can force the omniinet service to run an arbitrary command. On Windows, the omniinet service is running as...

HP Data Protector EXEC_BAR Remote Command Execution

import argparse import socket """ Exploit Title: HP Data Protector EXECBAR Remote Command Execution Exploit Author: Chris Graham @cgrahamseven CVE: CVE-2013-2347 Date: February 14, 2014 Vendor Homepage: www.hp.com Version: 6.10, 6.11, 6.20 Tested On: Windows Server 2003, Windows Server 2008 R2...

HP Data Protector - EXEC_BAR Remote Command Execution

HP Data Protector - EXECBAR Remote Command Execution import argparse import socket """ Exploit Title: HP Data Protector EXECBAR Remote Command Execution Exploit Author: Chris Graham @cgrahamseven CVE: CVE-2013-2347 Date: February 14, 2014 Vendor Homepage: www.hp.com Version: 6.10, 6.11, 6.20 Test...