14 matches found
CVE-2011-0923
HP Data Protector 6.1 contains a remote code execution flaw in the omniinet service treated via EXEC_CMD handling. A crafted EXEC_CMD packet can cause the process to interpret user-supplied input as part of a filename, leading to arbitrary command execution (notably via perl.exe in {install_path}...
CVE-2016-2004
CVE-2016-2004 affects HPE Data Protector: vulnerable in Content-Affected versions include HP Data Protector 7.03_108, 8.x prior to 8.15, and 9.x prior to 9.06. The flaw stems from lack of authentication in remote control communications, allowing unauthenticated remote code execution. This CVE is ...
CVE-2017-5807
CVE-2017-5807 is a Remote Arbitrary Code Execution vulnerability affecting HPE Data Protector versions prior to 8.17 and 9.09. The connected sources indicate an overflow condition that, when triggered by certain input, could allow remote code execution. The issue is categorized with high to criti...
CVE-2011-2399
CVE-2011-2399 is a remote denial-of-service vulnerability in HP Data Protector’s Media Management Daemon (mmd), affecting HP Data Protector versions up to 6.11. The issue allows an unauthenticated, remote attacker to cause a DoS via unknown vectors, with CVSSv2 base score 7.8 (HIGH). HP’s securit...
CVE-2016-2006
CVE-2016-2006 affects Hewlett Packard Enterprise Data Protector prior to 7.03_108, 8.x before 8.15, and 9.x before 9.06. Connected advisories detail a remote code execution via Oracle? No—OmniInet.exe in HPE Data Protector listens on TCP port 5555. The vulnerability arises from a lack of boundary...
CVE-2016-2005
CVE-2016-2005 affects HP Data Protector via the OmniInet.exe service. A remote, unauthenticated attacker can exploit a flaw in the EXEC_BAR username handling (fixed-length stack buffer) to execute arbitrary code. The vulnerability enables code execution under the SYSTEM context by sending malform...
CVE-2016-2008
HP Data Protector is affected by CVE-2016-2008 in versions prior to 7.03 build 108, 8.x prior to 8.15, and 9.x prior to 9.06. The vulnerability is described as an unspecified flaw that allows remote attackers to execute arbitrary code (unauthenticated) or disclose information. The connected sourc...
CVE-2011-0922
Summary: CVE-2011-0922 affects HP Data Protector Client. A vulnerability in processing the EXEC_SETUP (and related EXEC_CMD/INSTALL/EXEC_SETUP) messages allows a remote attacker to force the client to load and execute arbitrary programs from a remote SMB share, enabling remote code execution. The...
CVE-2016-2007
HP Data Protector (HP) is affected by CVE-2016-2007 in versions prior to 7.03_108, 8.x prior to 8.15, and 9.x prior to 9.06. The vulnerability allows unauthenticated remote code execution via unspecified vectors, with ZDI-CAN-3354 tying the issue to the OmniInet.exe service listening on port 5555...
CVE-2017-5809
CVE-2017-5809 is associated with HP Data Protector (versions < 8.17 and
CVE-2011-0924
HP OpenView Storage Data Protector (Data Protector) client vulnerable via the EXEC_CMD handling: it does not verify file contents, allowing remote code execution by embedding malicious code in a file and using a trusted filename (e.g., omni_chk_ds.sh). Affected versions include Data Protector v6....
CVE-2017-5808
CVE-2017-5808 is a Remote Arbitrary Code Execution vulnerability in HP Data Protector, affecting versions prior to 8.17 and 9.09. The issue is exploitable remotely over the network with no user interaction required, and has a high impact on availability (I) per CVSS v3.0 and high overall severity...
CVE-2011-0921
The CVE-2011-0921 issue affects HP OpenView Storage Data Protector, specifically the CRs.exe Cell Manager Service in the client. The vulnerability arises from improper validation of credentials tied to hostname, domain, and username, permitting remote execution of arbitrary code by sending data o...
CVE-2014-5160
HP Data Protector’s Cell Request Service crs.exe is affected by two directory traversal vulnerabilities (opcode 1091 and 305). The flaws allow remote, unauthenticated attackers to write or delete arbitrary files, with potential code execution in the service context. Affected component is crs.exe ...