exploit the possibilities
Showing 1 - 25 of 71 RSS Feed

Files

HP Data Protector Remote Shell
Posted Aug 5, 2011
Authored by Adrian Puente Z.

HP Data Protector remote shell for HP-UX that leverages improper filtering of arguments to the EXEC_CMD command.

tags | exploit, remote, shell
systems | hpux
advisories | CVE-2011-0923
MD5 | 9ff5c82454b6df98b6d11d163bed91dd

Related Files

HP Data Protector A.09.00 Command Execution
Posted May 26, 2016
Authored by Ian Lovering

HP Data Protector version A.09.00 suffers from an arbitrary command execution vulnerability.

tags | exploit, arbitrary
advisories | CVE-2016-2004
MD5 | 0a352bd93169ccb7ce4f5b0346d183bd
HP Data Protector 6.10 / 6.11 / 6.20 Install Service
Posted Apr 22, 2016
Authored by Ben Turner | Site metasploit.com

This Metasploit module exploits HP Data Protector Omniinet process on Windows only. This exploit invokes the install service function which allows an attacker to create a custom payload in the format of an executable. To ensure this works, the SMB server created in MSF must have a share called Omniback which has a subfolder i386.

tags | exploit
systems | windows
advisories | CVE-2011-0922
MD5 | 033040fdd99d24ef73bd5bc7f2b94831
HP Security Bulletin HPSBGN03580 1
Posted Apr 22, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03580 1 - Potential security vulnerabilities have been identified in HP Data Protector that could allow the remote execution of code or the unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory, remote, vulnerability
advisories | CVE-2015-2808, CVE-2016-2004, CVE-2016-2005, CVE-2016-2006, CVE-2016-2007, CVE-2016-2008
MD5 | 94b9ecc6d6516cdc4304e8005d7ddb3e
HP Security Bulletin HPSBMU03416 1
Posted Aug 28, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03416 1 - A potential security vulnerability has been identified with HP Data Protector. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
MD5 | 50990740d2c2508ec93173a2105f129c
HP Security Bulletin HPSBMU03321 1
Posted Apr 20, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03321 1 - Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
advisories | CVE-2015-2116
MD5 | 2c0894e2e64449b5e1264c64c737b5f0
HP Security Bulletin HPSBMU02895 SSRT101253 5
Posted Mar 13, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02895 SSRT101253 5 - Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. Revision 5 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
advisories | CVE-2013-2344, CVE-2013-2345, CVE-2013-2346, CVE-2013-2347, CVE-2013-2348, CVE-2013-2349, CVE-2013-2350, CVE-2013-6194, CVE-2013-6195
MD5 | 2ee0bde75e35fb76aedf6add788d8258
HP Data Protector 8.10 Remote Command Execution
Posted Mar 5, 2015
Authored by Christian Ramirez, Henoch Barrera | Site metasploit.com

This Metasploit module exploits a remote command execution on HP Data Protector 8.10. Arbitrary commands can be execute by sending crafted requests with opcode 28 to the OmniInet service listening on the TCP/5555 port. Since there is an strict length limitation on the command, rundll32.exe is executed, and the payload is provided through a DLL by a fake SMB server. This Metasploit module has been tested successfully on HP Data Protector 8.1 on Windows 7 SP1.

tags | exploit, remote, arbitrary, tcp
systems | windows, 7
advisories | CVE-2014-2623
MD5 | 7d0e14569e8f640a3bc4fd60081400d4
HP Security Bulletin HPSBMU03072 3
Posted Nov 18, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03072 3 - A potential security vulnerability has been identified with HP Data Protector. This vulnerability could be remotely exploited to execute arbitrary code. Revision 3 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2014-2623
MD5 | 8be31e43075d027d6486bb8c67b0ea04
HP Data Protector EXEC_INTEGUTIL Remote Code Execution
Posted Oct 21, 2014
Authored by Aniway, juan vazquez | Site metasploit.com

This exploit abuses a vulnerability in the HP Data Protector. The vulnerability exists in the Backup client service, which listens by default on TCP/5555. The EXEC_INTEGUTIL request allows to execute arbitrary commands from a restricted directory. Since it includes a perl executable, it's possible to use an EXEC_INTEGUTIL packet to execute arbitrary code. On linux targets, the perl binary isn't on the restricted directory, but an EXEC_BAR packet can be used to access the perl binary, even in the last version of HP Data Protector for linux. This Metasploit module has been tested successfully on HP Data Protector 9 over Windows 2008 R2 64 bits and CentOS 6 64 bits.

tags | exploit, arbitrary, perl, tcp
systems | linux, windows, centos
MD5 | 97b7fba08bd2896683e6299d64a0465b
HP Security Bulletin HPSBMU02895 SSRT101253 4
Posted Oct 13, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02895 SSRT101253 4 - Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. Revision 4 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
advisories | CVE-2013-2344, CVE-2013-2345, CVE-2013-2346, CVE-2013-2347, CVE-2013-2348, CVE-2013-2349, CVE-2013-2350, CVE-2013-6194, CVE-2013-6195
MD5 | 3f22da634343a78196e2f38177606169
HP Security Bulletin HPSBMU02895 SSRT101253 3
Posted Oct 3, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02895 SSRT101253 3 - Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. Revision 3 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
advisories | CVE-2013-2344, CVE-2013-2345, CVE-2013-2346, CVE-2013-2347, CVE-2013-2348, CVE-2013-2349, CVE-2013-2350, CVE-2013-6194, CVE-2013-6195
MD5 | 14a88d8c8f39b93b3f09787dec2eb83c
HP Security Bulletin HPSBMU03072 SSRT101644
Posted Jul 16, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03072 SSRT101644 - A potential security vulnerability has been identified with HP Data Protector. This vulnerability could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2014-2623
MD5 | 3be700ebb26db592e41de4d0d6bbefba
HP Data Protection Manager 8.10 Remote Command Execution
Posted Jul 15, 2014
Authored by Polunchis

HP Data Protection manager version 8.10 suffers from a remote command execution.

tags | exploit, remote
MD5 | 9156ee6da7056e2c2e6c5fa6c036f07b
HP Security Bulletin HPSBMU02895 SSRT101253 2
Posted Apr 25, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02895 SSRT101253 2 - Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. Revision 2 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
advisories | CVE-2013-2344, CVE-2013-2345, CVE-2013-2346, CVE-2013-2347, CVE-2013-2348, CVE-2013-2349, CVE-2013-2350, CVE-2013-6194, CVE-2013-6195
MD5 | efd2eac43af521cdcc6e83f02166a8d8
HP Data Protector Backup Client Service Remote Code Execution
Posted Mar 6, 2014
Authored by Aniway, juan vazquez | Site metasploit.com

This Metasploit module abuses the Backup Client Service (OmniInet.exe) to achieve remote code execution. The vulnerability exists in the EXEC_BAR operation, which allows to execute arbitrary processes. This Metasploit module has been tested successfully on HP Data Protector 6.20 on Windows 2003 SP2 and Windows 2008 R2.

tags | exploit, remote, arbitrary, code execution
systems | windows
advisories | CVE-2013-2347
MD5 | 08b88f75df71bafc815c57e6e4d06468
HP Data Protector EXEC_BAR Remote Command Execution
Posted Feb 17, 2014
Authored by Chris Graham

HP Data Protector EXEC_BAR remote command execution exploit that affects versions 6.10, 6.11, and 6.20.

tags | exploit, remote
advisories | CVE-2013-2347
MD5 | 4664adb906972194b524f406999b4e3b
HP Data Protector Backup Client Service Directory Traversal
Posted Jan 21, 2014
Authored by juan vazquez, Brian Gorenc | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in the Hewlett-Packard Data Protector product. The vulnerability exists at the Backup Client Service (OmniInet.exe) when parsing packets with opcode 42. This Metasploit module has been tested successfully on HP Data Protector 6.20 on Windows 2003 SP2 and Windows XP SP3.

tags | exploit
systems | windows, xp
advisories | CVE-2013-6194
MD5 | cd4b503a320d7db8abff859ab89ee7b2
HP Security Bulletin HPSBMU02895 SSRT101253
Posted Jan 3, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02895 SSRT101253 - Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
advisories | CVE-2013-2344, CVE-2013-2345, CVE-2013-2346, CVE-2013-2347, CVE-2013-2348, CVE-2013-2349, CVE-2013-2350, CVE-2013-6194, CVE-2013-6195
MD5 | 0cf46003d33dd79656cac6b75da04d43
HP Data Protector Cell Request Service Buffer Overflow
Posted Oct 14, 2013
Authored by juan vazquez, e6af8de8b1d4b2b6d5ba2610cbf9cd38 | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in the Hewlett-Packard Data Protector product. The vulnerability, due to the insecure usage of _swprintf, exists at the Cell Request Service (crs.exe) when parsing packets with opcode 211. This Metasploit module has been tested successfully on HP Data Protector 6.20 and 7.00 on Windows XP SP3.

tags | exploit, overflow
systems | windows, xp
advisories | CVE-2013-2333, OSVDB-93867
MD5 | 3abb5139270a83d5caa4e3ed7207ad5e
HP Data Protector Arbitrary Remote Command Execution
Posted Aug 7, 2013
Authored by Alessandro Di Pinto, Claudio Moletta

This python script allows execution of a command with an arbitrary number of arguments. The trick calls 'perl.exe' interpreter installed with HP Data Protector inside the directory {install_path}/bin/. The main goal of the script is to bypass the limitation of executing only a single command without any parameter, as provided by already existing exploits. It is possible to exploit the security issue in order to run any command inside the target system.

tags | exploit, arbitrary, perl, python
advisories | CVE-2011-0923, OSVDB-72526
MD5 | 170a7d65a9fbfba5d4a2f9d411ee7f6a
HP Data Protector Arbitrary Remote Command Execution
Posted Aug 7, 2013
Authored by Alessandro Di Pinto, Claudio Moletta | Site metasploit.com

This Metasploit module allows execution of a command with an arbitrary number of arguments on Microsoft Windows operating systems. The trick calls a perl.exe interpreter installed with HP Data Protector inside the directory {install_path}/bin/. The main goal of the script is to bypass the limitation of execute only a single command without parameters, as provided by already existing exploits. It is possible to exploit the security issue in order to run any command inside the target system.

tags | exploit, arbitrary, perl
systems | windows
advisories | CVE-2011-0923, OSVDB-72526
MD5 | 0930bb4ab77459873c9f363e210b5225
HP Security Bulletin HPSBMU02883 SSRT101227
Posted Jun 5, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02883 SSRT101227 - Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
advisories | CVE-2013-2324, CVE-2013-2325, CVE-2013-2326, CVE-2013-2327, CVE-2013-2328, CVE-2013-2329, CVE-2013-2330, CVE-2013-2331, CVE-2013-2332, CVE-2013-2333, CVE-2013-2334, CVE-2013-2335
MD5 | 01bd15bebd2363d76d5ef0ae36e90558
HP Security Bulletin HPSBMU02830 SSRT100889 2
Posted Apr 26, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02830 SSRT100889 2 - A potential security vulnerability has been identified with HP Data Protector. This vulnerability could be locally exploited to allow an increase of privilege. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2012-5220
MD5 | 8d8fafbe347e514bac90d09aecf19290
HP Data Protector DtbClsLogin Buffer Overflow
Posted Dec 12, 2012
Authored by AbdulAziz Hariri, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HP Data Protector 4.0 SP1. The overflow occurs during the login process, in the DtbClsLogin function provided by the dpwindtb.dll component, where the Utf8Cpy (strcpy like function) is used in an insecure way with the username. A successful exploitation will lead to code execution with the privileges of the "dpwinsdr.exe" (HP Data Protector Express Domain Server Service) process, which runs as SYSTEM by default.

tags | exploit, overflow, code execution
advisories | CVE-2010-3007, OSVDB-67973
MD5 | 6c26ea3612b7a334b8ab2fb8d806d036
HP Data Protector Create New Folder Buffer Overflow
Posted Jul 2, 2012
Authored by sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HP Data Protector 5. The overflow occurs in the creation of new folders, where the name of the folder is handled in a insecure way by the dpwindtb.dll component. While the overflow occurs in the stack, the folder name is split in fragments in this insecure copy. Because of this, this module uses egg hunting to search a non corrupted copy of the payload in the heap. On the other hand the overflowed buffer is stored in a frame protected by stack cookies, because of this SEH handler overwrite is used. Any user of HP Data Protector Express is able to create new folders and trigger the vulnerability. Moreover, in the default installation the 'Admin' user has an empty password. Successful exploitation will lead to code execution with the privileges of the "dpwinsdr.exe" (HP Data Protector Express Domain Server Service) process, which runs as SYSTEM by default.

tags | exploit, overflow, code execution
advisories | CVE-2012-0124, OSVDB-80105
MD5 | 3e8a696e7dabdf035e54f1e3e2a26123
Page 1 of 3
Back123Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close