HPE Data Protector EXEC_BAR username Buffer Overflow (CVE-2016-2005)

A buffer overflow vulnerability has been found in the OmniInet.exe component of HPE Data Protector. This vulnerability is due to lack of boundary checks on the username field in EXECBAR requests. A remote, unauthenticated attacker could exploit this vulnerability by sending malformed requests to...

HP Data Protector 7.0x < 7.03 build 108 / 8.1x < 8.15 / 9.0x < 9.06 Multiple Vulnerabilities (HPSBGN03580) (Bar Mitzvah)

The version of HP Data Protector installed on the remote host is 7.0x prior to 7.03 build 108, 8.1x prior to 8.15, or 9.0x prior to 9.06. It is, therefore, affected by the following vulnerabilities : - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combinati...

CVE-2016-2005

HPE Data Protector before 7.03108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352...

CVE-2016-2005

HPE Data Protector before 7.03108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352...

CVE-2016-2005

CVE-2016-2005 affects HP Data Protector via the OmniInet.exe service. A remote, unauthenticated attacker can exploit a flaw in the EXEC_BAR username handling (fixed-length stack buffer) to execute arbitrary code. The vulnerability enables code execution under the SYSTEM context by sending malform...