19 matches found
CVE-2026-27602 Modoboa has an OS Command Injection
Modoboa is a mail hosting and management platform. Prior to version 2.7.1, execcmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacte...
CVE-2026-27602
Modoboa contains an OS command injection vulnerability (CWE-like) due to exec_cmd paths using subprocess with shell=True and unsanitized domain/input values. In modoboa/lib/sysutils.py and related sinks (DKIM domain handling, mailbox rename, sa-learn, doveadm, rrdtool, webmail operations), domain...
HP Data Protector 6.1 EXEC_CMD Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP Data Protector 6.1 EXECCMD Command Execution', 'Description' = %q This module exploits HP Data Protector's omniinet process, specifically...
HP Data Protector 6.1 EXEC_CMD Remote Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
HP Data Protector Client - EXEC_CMD Remote Code Execution
HP Data Protector Client - EXECCMD Remote Code Execution !/usr/bin/env python Exploit Title: HP Data Protector Client EXECCMD Remote Code Execution Vulnerability Date: 2012-12-06 Exploit Author: Ben Turner Vendor Homepage: www.hp.com Version: 6.11 & 6.20 Tested on: Windows 2003 Server SP2 en CVE:...
HP Data Protector 6.1 EXEC_CMD Command Execution
This module exploits HP Data Protector's omniinet process, specifically against a Windows setup. When an EXECCMD packet is sent, omniinet.exe will attempt to look for that user-supplied filename with kernel32!FindFirstFileW. If the file is found, the process will then go ahead execute it with...
HP Data Protector 6.1 EXEC_CMD Remote Code Execution
Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
HP Data Protector 6.1 - EXEC_CMD Remote Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'HP Data Protector...
HP Data Protector 6.1 EXEC_CMD Remote Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'HP Data Protector...
HP Data Protector Client EXEC_CMD Command Execution (CVE-2011-0923)
A remote code execution vulnerability has been reported in HP Data Protector. The vulnerability is due to insufficient input validation of arguments passed to the EXECCMD command. A remote attacker may exploit this vulnerability by sending a specially crafted request to an affected Data Protector...
HP OpenView Storage Data Protector EXEC_CMD Buffer Overflow (CVE-2011-1866)
A remote code execution vulnerability has been reported in HP OpenView Storage Data Protector. The vulnerability is due to insufficient boundary checking while handling EXECCMD messages. A remote attacker may exploit this vulnerability by sending a specially crafted EXECCMD to an affected service...
CVE-2011-1866
Buffer overflow in omniinet.exe in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to execute arbitrary code via a crafted request, related to the EXECCMD functionality...
Buffer overflow
Buffer overflow in omniinet.exe in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to execute arbitrary code via a crafted request, related to the EXECCMD functionality...
CVE-2011-1866
Buffer overflow in omniinet.exe in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to execute arbitrary code via a crafted request, related to the EXECCMD functionality...
HP (OpenView Storage) Data Protector Client 'EXEC_CMD' RCE Vulnerability
HP OpenView Storage Data Protector is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
ZDI-11-054: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability
ZDI-11-054: Hewlett-Packard Data Protector Client EXECCMD omnichkds.sh Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-054 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view...
CVE-2011-0923
The client in HP Data Protector does not properly validate EXECCMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."...
CVE-2011-0924
The client in HP Data Protector does not verify the contents of files associated with the EXECCMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omnichkds.sh...
(0Day) Hewlett-Packard Data Protector Client EXEC_CMD Perl Remote Code Execution Vulnerability
This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packard Data Protector client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the filtering of arguments to the EXECCMD command. The Data...