24 matches found
CVE-2013-2332
HP Data Protector (v6.20/v6.21; v7.00/v7.01) is affected by a remote code execution vulnerability in crs.exe (opcode 260) that allows unauthenticated attackers to copy user-supplied data into a fixed-length stack buffer and execute code as SYSTEM. The issue affects the Cell Manager; vulnerable pa...
CVE-2013-2334
HP Data Protector (Storage Data Protector) XP: CVE-2013-2334 affects HP Data Protector v6.20/v6.21 and v7.00/v7.01. The Red Hat/HP advisories describe a remote code execution risk via unspecified vectors, with the root cause tied to a crash/overflow in crs.exe (Cell Manager) that copies user-supp...
CVE-2013-2328
CVE-2013-2328 affects HP Storage/Data Protector 6.20/6.21 and 7.00/7.01. A stack-based buffer overflow in crs.exe (within HP Data Protector) when parsing specific opcodes (215 and 263) allows remote code execution. This can occur without authentication and is exploitable over the network, with th...
CVE-2013-2331
HP Data Protector (v6.20/v6.21/v7.00/v7.01) is vulnerable to a remote code execution due to a stack-based buffer overflow in crs.exe when parsing opcode 1092. The issue, ZDI-CAN-1652, allows unauthenticated, remote attackers to execute arbitrary code (SYSTEM context) on vulnerable installations. ...
CVE-2013-2327
HP Data Protector CVE-2013-2327 is a remote code execution flaw in crs.exe (opcode 264). Affected versions: 6.20/6.21 and 7.00/7.01. The vulnerability enables unauthenticated remote code execution with SYSTEM privileges by parsing a crafted opcode on the Cell Manager, listening on a random TCP po...
CVE-2013-2325
HP Data Protector (Storage Data Protector) CVE-2013-2325 affects HP Storage Data Protector v6.20/v6.21 and v7.00/v7.01. The Red Hat/ZeroDay and HP security bulletins describe a stack-based buffer overflow in the Cell Request service (crs.exe) when processing opcode 235, allowing remote attackers ...
CVE-2014-2623
CVE-2014-2623 affects HPE Data Protector 8.x (and related 8.x prior to 8.15 and other lines per later notes) where remote code execution is possible due to lack of authentication in the Data Protector components (e.g., OmniInet/agents). Public evidence includes Metasploit and Exploit-DB entries d...
CVE-2013-2347
HP Data Protector Backup Client Service (OmniInet.exe) in HP Data Protector 6.2X is vulnerable to remote command execution via the EXEC_BAR opcode (11) sent to TCP port 5555, enabling an attacker to run arbitrary commands or cause a DoS. Public exploits and proofs of concept exist (e.g., Metasplo...
CVE-2013-6195
CVE-2013-6195 is documented as an unspecified remote vulnerability in HP Storage Data Protector 6.2X that could allow remote code execution or DoS. Connected sources identify HP Data Protector patches and advisories (HPSBMU02895) addressing multiple CVEs, including 2013-6195, with platform-specif...
CVE-2013-2333
HP Data Protector contains a remote code execution vulnerability (CVE-2013-2333) in the CRS.exe Cell Request Service caused by a stack-based buffer overflow when processing opcode 211. A remote attacker can send a crafted request to the vulnerable CRS service (which listens on a random port) to e...
CVE-2013-6194
CVE-2013-6194 is an input-validation/directory-traversal vulnerability in HP Data Protector (Backup Client Service) exploited via Opcode 42, enabling remote attackers to write arbitrary files and potentially achieve code execution. Multiple connected advisories (CPAIs) and Nessus/OpenVAS entries ...
CVE-2013-2330
CVE-2013-2330 affects HP Storage/Data Protector. The vulnerability is a stack-based buffer overflow in the Cell Request service (crs.exe) when processing opcode 305, enabling remote arbitrary code execution. Exploitation is unauthenticated and can run with SYSTEM/privileged context on affected Wi...
CVE-2013-2344
HP Storage/Data Protector 6.2X is vulnerable to remote code execution and DoS via the OmniInet/omniinet service (default port 5555). CVE-2013-2344 (ZDI-1866) and related CVEs describe multiple remote vulnerabilities leading to arbitrary code execution or privilege escalation. HP’s security bullet...
CVE-2013-2348
CVE-2013-2348 affects HP Data Protector (HP Storage/Data Protector Open View Storage Data Protector). The issue exists in the OmniInet.exe Backup Client Service, which listens on TCP port 5555. A remote attacker can send crafted OmniInet messages (opcode 45/46 per ZDI-14-002) to trigger insuffici...
CVE-2013-2349
CVE-2013-2349 concerns HP Storage Data Protector 6.2X with an unspecified vulnerability that enables remote code execution or a DoS via unknown vectors (ZDI-CAN-1896). Multiple connected advisories reference this family of vulnerabilities affecting HP Data Protector/OpenView Data Protector across...
CVE-2015-2116
CVE-2015-2116 affects HP Data Protector (Storage Data Protector) 7.x, specifically vulnerable until 7.03 Build 107 (patches to 7.03 Build 107 required after updating from 7.03 Build 105). HP’s Security Bulletin HPSBMU03321 confirms remote privilege escalation, DoS, and arbitrary code execution co...
CVE-2013-2324
CVE-2013-2324 affects HP Storage/Data Protector (v6.20/v6.21 and v7.00/v7.01). The Red Hat/HP advisories describe a stack buffer overflow in the CRS service (CRS.exe) triggered by parsing certain opcodes (207, 210, 236, 243, 265). This allows a remote, unauthenticated attacker to run arbitrary co...
CVE-2013-2345
HP Data Protector (Storage Data Protector) 6.2X is affected by CVE-2013-2345, a remote vulnerability enabling arbitrary code execution or DoS. Affected: HP Storage Data Protector v6.2X on HP-UX 11i, Windows Server 2003/2008, Solaris, Linux. Root cause: remote vulnerability with high impact (CVE-2...
CVE-2013-2326
HP Data Protector CVE-2013-2326 affects Data Protector v6.20/v6.21 and v7.00/v7.01. The root cause is a stack buffer overflow in the Cell Request Service (crs.exe) when processing opcode 234, allowing remote attackers to cause arbitrary code execution. Exploitation is possible remotely and unauth...
CVE-2013-2346
CVE-2013-2346 affects HP Storage Data Protector 6.2X (HP OpenView Data Protector). The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors (ZDI-1870). HP published security guidance HPSBMU02895 and patches to resolve the issues, with af...
CVE-2013-2329
HP Data Protector (CRS opcode 259) is affected by a stack-based buffer overflow in crs.exe when processing opcode 259, allowing a remote, unauthenticated attacker to execute arbitrary code. Affected versions include 6.20, 6.21, 7.00, and 7.01; the flaw occurs during parsing of opcode 259 and is e...
CVE-2012-5220
CVE-2012-5220 affects HP Storage Data Protector 6.20/6.21/7.00/7.01 with a local privilege-escalation vulnerability. Root cause is described as an unspecified vulnerability allowing local users to gain privileges via unknown vectors. HP’s Security Bulletin HPSBMU02830 lists affected versions and ...
CVE-2013-2335
HP Data Protector (v6.20/6.21; v7.00/7.01) contains a remote code execution vulnerability in the Cell Request Service crs.exe triggered by opcode 227. The flaw allows a remote attacker to cause a stack buffer overflow and execute arbitrary code with SYSTEM privileges by sending a crafted request ...
CVE-2013-2350
HP Storage Data Protector 6.2X is affected by CVE-2013-2350, with remote attackers able to execute arbitrary code or cause a DoS via unspecified vectors (ZDI-CAN-1897). HP's related security bulletin HPSBMU02895 lists affected platforms and provides patches: HP-UX (PHSS_43780/PHSS_43781), Linux (...