HP Data Protector Remote Command Execution (CVE-2016-2004)

An arbitrary command execution vulnerability exists in the HPE Data Protector. A remote, unauthenticated attacker could exploit this vulnerability by sending malformed requests to a HPE Data Protector service. Successful exploitation could lead to arbitrary command execution under the context of...

HP Data Protector Encrypted Communication Remote Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/powershell' require 'openssl' class MetasploitModule "HP Data Protector Encrypted Communication Remote Command Execution",...

HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit)

HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution Metasploit Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/...

HP Data Protector missing authentication

Added: 05/31/2016 CVE: CVE-2016-2004 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem Data Protector does not authenticate users, even with Encrypted Control Communications enabled. This could allow an unauthenticated remote...

HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit)

Exploit for windows platform in category remote exploits Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/ Version: A.09.00 and earlier Tested o...

HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit)

Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/ Version: A.09.00 and earlier Tested on: Windows Server 2008 CVE : CVE-2016-2004 This module...

HP Data Protector missing authentication

Added: 05/31/2016 CVE: CVE-2016-2004 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem Data Protector does not authenticate users, even with Encrypted Control Communications enabled. This could allow an unauthenticated remote...

HP Data Protector A.09.00 - Arbitrary Command Execution

Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/ Version: A.09.00 and...

CVE-2016-2004

creationtimestamp| type| source ---|---|--- 2016-05-26 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39858 2016-05-31 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39874 2018-05-29 15:50:33+00:00| seen|...

HP Data Protector A.09.00 Command Execution

!/usr/bin/python Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/ Version: A.09.00 and earlier Tested on: Windows Server 2008 CVE : CVE-2016-20...

HP Data Protector A.09.00 - Arbitrary Command Execution

!/usr/bin/python Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/ Version: A.09.00 and earlier Tested on: Windows Server 2008 CVE : CVE-2016-20...

HP Data Protector A.09.00 - Arbitrary Command Execution

HP Data Protector A.09.00 - Arbitrary Command Execution !/usr/bin/python Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/ Version: A.09.00 and...

HP Data Protector 7.0x < 7.03 build 108 / 8.1x < 8.15 / 9.0x < 9.06 Multiple Vulnerabilities (HPSBGN03580) (Bar Mitzvah)

The version of HP Data Protector installed on the remote host is 7.0x prior to 7.03 build 108, 8.1x prior to 8.15, or 9.0x prior to 9.06. It is, therefore, affected by the following vulnerabilities : - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combinati...

HP Data Protector does not perform authentication and contains an embedded SSL private key

Overview The HP Data Protector does not perform user authentication, even when Encrypted Control Communications is enabled, and contains an embedded SSL private key that is shared among all installations. Description CWE-306: Missing Authentication for Critical Function - CVE-2016-2004Data...

CVE-2016-2004

HPE Data Protector before 7.03108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623...

CVE-2016-2004

CVE-2016-2004 affects HPE Data Protector: vulnerable in Content-Affected versions include HP Data Protector 7.03_108, 8.x prior to 8.15, and 9.x prior to 9.06. The flaw stems from lack of authentication in remote control communications, allowing unauthenticated remote code execution. This CVE is ...