Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAndrea Micalizzi aka rgodZDI-11-323
HistoryNov 07, 2011 - 12:00 a.m.

HP Data Protector Notebook Extension Policy Server LogClientHealth Remote SQL Injection Vulnerabilty

2011-11-0700:00:00
Andrea Micalizzi aka rgod
www.zerodayinitiative.com
11

0.932 High

EPSS

Percentile

99.1%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogClientHealth which does not properly validate or sanitize the clientHealth field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

Related

cve 1
cvelist 1
prion 1
nvd 1
securityvulns 2
cve
cve
CVE-2011-3159
2011-10-19 15:55:01
cvelist
cvelist
CVE-2011-3159
2011-10-19 15:00:00
prion
prion
Code injection
2011-10-19 15:55:00
nvd
nvd
CVE-2011-3159
2011-10-19 15:55:01
securityvulns
securityvulns
HP Data Protector Notebook Extension multiple security vulnerabilities
2011-10-24 00:00:00
[security bulletin] HPSBMU02716 SSRT100651 rev.1 - HP Data Protector Notebook Extension, Remote Execution of Arbitrary Code
2011-10-24 00:00:00

0.932 High

EPSS

Percentile

99.1%

JSON
Related for ZDI-11-323
cve1cvelist1prion1nvd1securityvulns2