7 matches found
CVE-2012-0121
HP Data Protector Express (DPX) versions 5.0.00 prior to build 59287 and 6.0.00 prior to build 11974 contain a stack-based buffer overflow in the dpwindtb.dll handling Opcode 0x320, allowing remote, unauthenticated attackers to execute arbitrary code or cause a DoS. ZDI-12-097/disclosures detail ...
CVE-2012-0124
CVE-2012-0124 refers to a stack/heap issue in HP Data Protector Express (DPX) 5.x and 6.x prior to build 59287/11974, exploitable via the DPX server’s dpwindtb.dll when creating a new folder. The connected data confirms a concrete flaw in the AddObject path used by the New Folder operation (SVC 0...
CVE-2010-3007
HP Data Protector Express/DP Express SSE is affected by a stack buffer overflow in the DtbClsLogin function (dpwindtb.dll) that can be triggered by supplying crafted input, with vulnerable versions including HP Data Protector 4.0 SP1 and related 3.x/4.x builds; exploitation can yield code executi...
CVE-2010-3008
HP Data Protector Express/Express SSE on Windows is affected by a stack buffer overflow in the DtbClsLogin path (dpwindtb.dll) that copies user input into a stack buffer via Utf8Cpy, leading to local privilege escalation or denial of service. Affected versions are 3.x before build 56936 and 4.x b...
CVE-2012-0122
CVE-2012-0122 affects HP Data Protector Express (DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974. The ZDI advisory details a flaw in the dpwinsdr.exe process that listens on TCP port 3817 and has insufficient bounds checking on user-supplied data, allowing remote, unauthenticated att...
CVE-2012-0123
HP Data Protector Express (DPX) versions 5.x before 5.0.0 build 59287 and 6.x before 6.0.0 build 11974 are affected by multiple remote vulnerabilities (CVE-2012-0121/0122/0123/0124) leading to arbitrary code execution or DoS. The root cause is a vulnerability in the Windows service components (dp...
CVE-2009-0714
HP Data Protector Express and HP Data Protector Express SSE (3.x and SSE 4.x) are affected by CVE-2009-0714 through the dpwinsup.dll module in the dpwingad process. The vulnerability allows remote attackers to cause a memory read or memory leak and can crash the dpwingad.exe process by sending cr...