7 matches found
CVE-2011-0923
HP Data Protector 6.1 contains a remote code execution flaw in the omniinet service treated via EXEC_CMD handling. A crafted EXEC_CMD packet can cause the process to interpret user-supplied input as part of a filename, leading to arbitrary command execution (notably via perl.exe in {install_path}...
CVE-2017-5807
CVE-2017-5807 is a Remote Arbitrary Code Execution vulnerability affecting HPE Data Protector versions prior to 8.17 and 9.09. The connected sources indicate an overflow condition that, when triggered by certain input, could allow remote code execution. The issue is categorized with high to criti...
CVE-2011-0922
Summary: CVE-2011-0922 affects HP Data Protector Client. A vulnerability in processing the EXEC_SETUP (and related EXEC_CMD/INSTALL/EXEC_SETUP) messages allows a remote attacker to force the client to load and execute arbitrary programs from a remote SMB share, enabling remote code execution. The...
CVE-2017-5809
CVE-2017-5809 is associated with HP Data Protector (versions < 8.17 and
CVE-2011-0924
HP OpenView Storage Data Protector (Data Protector) client vulnerable via the EXEC_CMD handling: it does not verify file contents, allowing remote code execution by embedding malicious code in a file and using a trusted filename (e.g., omni_chk_ds.sh). Affected versions include Data Protector v6....
CVE-2017-5808
CVE-2017-5808 is a Remote Arbitrary Code Execution vulnerability in HP Data Protector, affecting versions prior to 8.17 and 9.09. The issue is exploitable remotely over the network with no user interaction required, and has a high impact on availability (I) per CVSS v3.0 and high overall severity...
CVE-2011-0921
The CVE-2011-0921 issue affects HP OpenView Storage Data Protector, specifically the CRs.exe Cell Manager Service in the client. The vulnerability arises from improper validation of credentials tied to hostname, domain, and username, permitting remote execution of arbitrary code by sending data o...