CVE-2016-2004

Related Files

HP Data Protector Encrypted Communication Remote Command Execution

Posted Jun 7, 2016

Authored by Ian Lovering, Jon Barg | Site metasploit.com

This Metasploit module exploits a well known remote code execution exploit after establishing encrypted control communications with a Data Protector agent. This allows exploitation of Data Protector agents that have been configured to only use encrypted control communications. This exploit works by executing the payload with Microsoft PowerShell so will only work against Windows Vista or newer. Tested against Data Protector 9.0 installed on Windows Server 2008 R2.

tags | exploit, remote, code execution

systems | windows

advisories | CVE-2016-2004

SHA-256 | d6104ee164909d896d2db7f3faa4bb142889d586dbc1d543620408ee9bbbccf2

Download | Favorite | View

HP Data Protector A.09.00 Command Execution

Posted May 26, 2016

Authored by Ian Lovering

HP Data Protector version A.09.00 suffers from an arbitrary command execution vulnerability.

tags | exploit, arbitrary

advisories | CVE-2016-2004

SHA-256 | d3f1ffffb6eef9ed7cc7377227cb355ba26d3c2faa89427fe68466377916027e

Download | Favorite | View

HP Security Bulletin HPSBGN03580 1

Posted Apr 22, 2016

Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03580 1 - Potential security vulnerabilities have been identified in HP Data Protector that could allow the remote execution of code or the unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory, remote, vulnerability

advisories | CVE-2015-2808, CVE-2016-2004, CVE-2016-2005, CVE-2016-2006, CVE-2016-2007, CVE-2016-2008

SHA-256 | fe555940ce11a58464ddf248fb5f34613b1577e3c29742dd8f78b82baddfc1de

Download | Favorite | View