Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
28 vulnerabilities found for data_protector by hp
CVE-2017-5809 (GCVE-0-2017-5809)
Vulnerability from cvelistv5 – Published: 2018-02-15 22:00 – Updated: 2024-09-16 17:17
VLAI
Summary
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
Severity
No CVSS data available.
CWE
- Remote Arbitrary Code Execution
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://labs.mwrinfosecurity.com/assets/BlogFiles… | x_refsource_MISC |
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/100088 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hewlett Packard Enterprise | Data Protector |
Affected:
prior to 8.17 and 9.09
|
Date Public
2017-08-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-setuid-bit-set-omniresolve-2017-08-02.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us"
},
{
"name": "100088",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100088"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Protector",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "prior to 8.17 and 9.09"
}
]
}
],
"datePublic": "2017-08-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-20T15:57:01.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-setuid-bit-set-omniresolve-2017-08-02.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us"
},
{
"name": "100088",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100088"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-08-02T00:00:00",
"ID": "CVE-2017-5809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Protector",
"version": {
"version_data": [
{
"version_value": "prior to 8.17 and 9.09"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-setuid-bit-set-omniresolve-2017-08-02.pdf",
"refsource": "MISC",
"url": "https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-setuid-bit-set-omniresolve-2017-08-02.pdf"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us"
},
{
"name": "100088",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100088"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2017-5809",
"datePublished": "2018-02-15T22:00:00.000Z",
"dateReserved": "2017-02-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:17:52.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5808 (GCVE-0-2017-5808)
Vulnerability from cvelistv5 – Published: 2018-02-15 22:00 – Updated: 2024-09-16 20:26
VLAI
Summary
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
Severity
No CVSS data available.
CWE
- Remote Arbitrary Code Execution
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| https://www.tenable.com/security/research/tra-2017-26 | x_refsource_MISC |
| http://www.securityfocus.com/bid/100088 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hewlett Packard Enterprise | Data Protector |
Affected:
prior to 8.17 and 9.09
|
Date Public
2017-08-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2017-26"
},
{
"name": "100088",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100088"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Protector",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "prior to 8.17 and 9.09"
}
]
}
],
"datePublic": "2017-08-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-16T15:57:01.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2017-26"
},
{
"name": "100088",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100088"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-08-02T00:00:00",
"ID": "CVE-2017-5808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Protector",
"version": {
"version_data": [
{
"version_value": "prior to 8.17 and 9.09"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us"
},
{
"name": "https://www.tenable.com/security/research/tra-2017-26",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-26"
},
{
"name": "100088",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100088"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2017-5808",
"datePublished": "2018-02-15T22:00:00.000Z",
"dateReserved": "2017-02-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:26:50.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5807 (GCVE-0-2017-5807)
Vulnerability from cvelistv5 – Published: 2018-02-15 22:00 – Updated: 2024-09-17 00:06
VLAI
Summary
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
Severity
No CVSS data available.
CWE
- Remote Arbitrary Code Execution
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| https://www.tenable.com/security/research/tra-2017-26 | x_refsource_MISC |
| http://www.securityfocus.com/bid/100088 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hewlett Packard Enterprise | Data Protector |
Affected:
prior to 8.17 and 9.09
|
Date Public
2017-08-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2017-26"
},
{
"name": "100088",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100088"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Protector",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "prior to 8.17 and 9.09"
}
]
}
],
"datePublic": "2017-08-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-16T15:57:01.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2017-26"
},
{
"name": "100088",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100088"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-08-02T00:00:00",
"ID": "CVE-2017-5807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Protector",
"version": {
"version_data": [
{
"version_value": "prior to 8.17 and 9.09"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us"
},
{
"name": "https://www.tenable.com/security/research/tra-2017-26",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-26"
},
{
"name": "100088",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100088"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2017-5807",
"datePublished": "2018-02-15T22:00:00.000Z",
"dateReserved": "2017-02-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:06:21.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2006 (GCVE-0-2016-2006)
Vulnerability from cvelistv5 – Published: 2016-04-21 10:00 – Updated: 2024-08-05 23:17
VLAI
Summary
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-16-246 | x_refsource_MISC |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1035631 | vdb-entryx_refsource_SECTRACK |
Date Public
2016-04-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-246"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035631"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-246"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035631"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-246",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-246"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035631"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2006",
"datePublished": "2016-04-21T10:00:00.000Z",
"dateReserved": "2016-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2008 (GCVE-0-2016-2008)
Vulnerability from cvelistv5 – Published: 2016-04-21 10:00 – Updated: 2024-08-05 23:17
VLAI
Summary
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1035631 | vdb-entryx_refsource_SECTRACK |
Date Public
2016-04-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035631"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035631"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035631"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2008",
"datePublished": "2016-04-21T10:00:00.000Z",
"dateReserved": "2016-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2007 (GCVE-0-2016-2007)
Vulnerability from cvelistv5 – Published: 2016-04-21 10:00 – Updated: 2024-08-05 23:17
VLAI
Summary
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-16-247 | x_refsource_MISC |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1035631 | vdb-entryx_refsource_SECTRACK |
Date Public
2016-04-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-247"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035631"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-247"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035631"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-247",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-247"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035631"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2007",
"datePublished": "2016-04-21T10:00:00.000Z",
"dateReserved": "2016-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2004 (GCVE-0-2016-2004)
Vulnerability from cvelistv5 – Published: 2016-04-21 10:00 – Updated: 2024-08-05 23:17
VLAI
Summary
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/267328 | third-party-advisoryx_refsource_CERT-VN |
| https://www.exploit-db.com/exploits/39874/ | exploitx_refsource_EXPLOIT-DB |
| http://packetstormsecurity.com/files/137199/HP-Da… | x_refsource_MISC |
| http://packetstormsecurity.com/files/137341/HP-Da… | x_refsource_MISC |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | x_refsource_CONFIRM |
| https://www.exploit-db.com/exploits/39858/ | exploitx_refsource_EXPLOIT-DB |
| http://www.securitytracker.com/id/1035631 | vdb-entryx_refsource_SECTRACK |
Date Public
2016-04-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:49.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#267328",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/267328"
},
{
"name": "39874",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39874/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137199/HP-Data-Protector-A.09.00-Command-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137341/HP-Data-Protector-Encrypted-Communication-Remote-Command-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "39858",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39858/"
},
{
"name": "1035631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035631"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#267328",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/267328"
},
{
"name": "39874",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39874/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137199/HP-Data-Protector-A.09.00-Command-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137341/HP-Data-Protector-Encrypted-Communication-Remote-Command-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "39858",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39858/"
},
{
"name": "1035631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035631"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#267328",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/267328"
},
{
"name": "39874",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39874/"
},
{
"name": "http://packetstormsecurity.com/files/137199/HP-Data-Protector-A.09.00-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137199/HP-Data-Protector-A.09.00-Command-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/137341/HP-Data-Protector-Encrypted-Communication-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137341/HP-Data-Protector-Encrypted-Communication-Remote-Command-Execution.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "39858",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39858/"
},
{
"name": "1035631",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035631"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2004",
"datePublished": "2016-04-21T10:00:00.000Z",
"dateReserved": "2016-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:49.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2005 (GCVE-0-2016-2005)
Vulnerability from cvelistv5 – Published: 2016-04-21 10:00 – Updated: 2024-08-05 23:17
VLAI
Summary
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-16-245 | x_refsource_MISC |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1035631 | vdb-entryx_refsource_SECTRACK |
Date Public
2016-04-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-245"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035631"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-245"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035631"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-245",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-245"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035631"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2005",
"datePublished": "2016-04-21T10:00:00.000Z",
"dateReserved": "2016-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5160 (GCVE-0-2014-5160)
Vulnerability from cvelistv5 – Published: 2014-08-01 10:00 – Updated: 2024-08-06 11:34 Disputed
VLAI
Summary
Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://zerodayinitiative.com/advisories/ZDI-14-262/ | x_refsource_MISC |
| http://zerodayinitiative.com/advisories/ZDI-14-263/ | x_refsource_MISC |
Date Public
2014-07-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-262/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-263/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is \"by design."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-08-01T03:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-262/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-263/"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is \"by design.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zerodayinitiative.com/advisories/ZDI-14-262/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-262/"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-14-263/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-263/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5160",
"datePublished": "2014-08-01T10:00:00.000Z",
"dateReserved": "2014-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2399 (GCVE-0-2011-2399)
Vulnerability from cvelistv5 – Published: 2011-08-01 19:00 – Updated: 2024-08-06 23:00
VLAI
Summary
Unspecified vulnerability in the Media Management Daemon (mmd) in HP Data Protector 6.11 and earlier allows remote attackers to cause a denial of service via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=131188787531606&w=2 | vendor-advisoryx_refsource_HP |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/48917 | vdb-entryx_refsource_BID |
| http://securityreason.com/securityalert/8320 | third-party-advisoryx_refsource_SREASON |
| http://www.securitytracker.com/id?1025857 | vdb-entryx_refsource_SECTRACK |
Date Public
2011-07-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:33.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT100346",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131188787531606\u0026w=2"
},
{
"name": "hp-openview-mmd-dos(68865)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68865"
},
{
"name": "48917",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48917"
},
{
"name": "8320",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8320"
},
{
"name": "1025857",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025857"
},
{
"name": "HPSBMU02669",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131188787531606\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-07-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Media Management Daemon (mmd) in HP Data Protector 6.11 and earlier allows remote attackers to cause a denial of service via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "SSRT100346",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131188787531606\u0026w=2"
},
{
"name": "hp-openview-mmd-dos(68865)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68865"
},
{
"name": "48917",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48917"
},
{
"name": "8320",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8320"
},
{
"name": "1025857",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025857"
},
{
"name": "HPSBMU02669",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131188787531606\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-2399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Media Management Daemon (mmd) in HP Data Protector 6.11 and earlier allows remote attackers to cause a denial of service via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT100346",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=131188787531606\u0026w=2"
},
{
"name": "hp-openview-mmd-dos(68865)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68865"
},
{
"name": "48917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48917"
},
{
"name": "8320",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8320"
},
{
"name": "1025857",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025857"
},
{
"name": "HPSBMU02669",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=131188787531606\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2011-2399",
"datePublished": "2011-08-01T19:00:00.000Z",
"dateReserved": "2011-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:00:33.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0922 (GCVE-0-2011-0922)
Vulnerability from cvelistv5 – Published: 2011-02-09 00:00 – Updated: 2024-08-06 22:05
VLAI
Summary
The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://dvlabs.tippingpoint.com/blog/2011/02/07/zd… | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=130391284726795&w=2 | vendor-advisoryx_refsource_HP |
| http://zerodayinitiative.com/advisories/ZDI-11-056/ | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2011/0308 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/46234 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/516272/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2011-02-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-056/"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46234"
},
{
"name": "20110207 ZDI-11-056: Hewlett-Packard Data Protector Client EXEC_SETUP Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516272/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-056/"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46234"
},
{
"name": "20110207 ZDI-11-056: Hewlett-Packard Data Protector Client EXEC_SETUP Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516272/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-056/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-056/"
},
{
"name": "ADV-2011-0308",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "46234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46234"
},
{
"name": "20110207 ZDI-11-056: Hewlett-Packard Data Protector Client EXEC_SETUP Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516272/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0922",
"datePublished": "2011-02-09T00:00:00.000Z",
"dateReserved": "2011-02-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:05:54.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0921 (GCVE-0-2011-0921)
Vulnerability from cvelistv5 – Published: 2011-02-09 00:00 – Updated: 2024-08-06 22:05
VLAI
Summary
crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://dvlabs.tippingpoint.com/blog/2011/02/07/zd… | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=130391284726795&w=2 | vendor-advisoryx_refsource_HP |
| http://www.vupen.com/english/advisories/2011/0308 | vdb-entryx_refsource_VUPEN |
| http://zerodayinitiative.com/advisories/ZDI-11-057/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/46234 | vdb-entryx_refsource_BID |
Date Public
2011-02-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-057/"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46234"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-08-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-057/"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46234"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "ADV-2011-0308",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-057/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-057/"
},
{
"name": "46234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46234"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0921",
"datePublished": "2011-02-09T00:00:00.000Z",
"dateReserved": "2011-02-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:05:54.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0924 (GCVE-0-2011-0924)
Vulnerability from cvelistv5 – Published: 2011-02-09 00:00 – Updated: 2024-08-06 22:05
VLAI
Summary
The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://dvlabs.tippingpoint.com/blog/2011/02/07/zd… | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=130391284726795&w=2 | vendor-advisoryx_refsource_HP |
| http://www.vupen.com/english/advisories/2011/0308 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/516258/100… | mailing-listx_refsource_BUGTRAQ |
| http://zerodayinitiative.com/advisories/ZDI-11-054/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/46234 | vdb-entryx_refsource_BID |
Date Public
2011-02-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "20110207 ZDI-11-054: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516258/100/0/threaded"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-054/"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46234"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "20110207 ZDI-11-054: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516258/100/0/threaded"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-054/"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46234"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "ADV-2011-0308",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "20110207 ZDI-11-054: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516258/100/0/threaded"
},
{
"name": "HPSBMA02654",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-054/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-054/"
},
{
"name": "46234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46234"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0924",
"datePublished": "2011-02-09T00:00:00.000Z",
"dateReserved": "2011-02-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:05:54.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0923 (GCVE-0-2011-0923)
Vulnerability from cvelistv5 – Published: 2011-02-09 00:00 – Updated: 2024-08-06 22:05
VLAI
Summary
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://dvlabs.tippingpoint.com/blog/2011/02/07/zd… | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=130391284726795&w=2 | vendor-advisoryx_refsource_HP |
| http://securityreason.com/securityalert/8261 | third-party-advisoryx_refsource_SREASON |
| http://www.vupen.com/english/advisories/2011/0308 | vdb-entryx_refsource_VUPEN |
| http://securityreason.com/securityalert/8323 | third-party-advisoryx_refsource_SREASON |
| http://zerodayinitiative.com/advisories/ZDI-11-055/ | x_refsource_MISC |
| http://securityreason.com/securityalert/8329 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/46234 | vdb-entryx_refsource_BID |
Date Public
2011-02-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "8261",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8261"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "8323",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8323"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-055/"
},
{
"name": "8329",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8329"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46234"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the \"local bin directory.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-08-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "8261",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8261"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "8323",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8323"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-055/"
},
{
"name": "8329",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8329"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46234"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the \"local bin directory.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "8261",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8261"
},
{
"name": "ADV-2011-0308",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "8323",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8323"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-055/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-055/"
},
{
"name": "8329",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8329"
},
{
"name": "46234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46234"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0923",
"datePublished": "2011-02-09T00:00:00.000Z",
"dateReserved": "2011-02-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:05:54.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5809 (GCVE-0-2017-5809)
Vulnerability from nvd – Published: 2018-02-15 22:00 – Updated: 2024-09-16 17:17
VLAI
Summary
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
Severity
No CVSS data available.
CWE
- Remote Arbitrary Code Execution
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://labs.mwrinfosecurity.com/assets/BlogFiles… | x_refsource_MISC |
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/100088 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hewlett Packard Enterprise | Data Protector |
Affected:
prior to 8.17 and 9.09
|
Date Public
2017-08-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-setuid-bit-set-omniresolve-2017-08-02.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us"
},
{
"name": "100088",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100088"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Protector",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "prior to 8.17 and 9.09"
}
]
}
],
"datePublic": "2017-08-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-20T15:57:01.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-setuid-bit-set-omniresolve-2017-08-02.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us"
},
{
"name": "100088",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100088"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-08-02T00:00:00",
"ID": "CVE-2017-5809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Protector",
"version": {
"version_data": [
{
"version_value": "prior to 8.17 and 9.09"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-setuid-bit-set-omniresolve-2017-08-02.pdf",
"refsource": "MISC",
"url": "https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-setuid-bit-set-omniresolve-2017-08-02.pdf"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us"
},
{
"name": "100088",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100088"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2017-5809",
"datePublished": "2018-02-15T22:00:00.000Z",
"dateReserved": "2017-02-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:17:52.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5808 (GCVE-0-2017-5808)
Vulnerability from nvd – Published: 2018-02-15 22:00 – Updated: 2024-09-16 20:26
VLAI
Summary
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
Severity
No CVSS data available.
CWE
- Remote Arbitrary Code Execution
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| https://www.tenable.com/security/research/tra-2017-26 | x_refsource_MISC |
| http://www.securityfocus.com/bid/100088 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hewlett Packard Enterprise | Data Protector |
Affected:
prior to 8.17 and 9.09
|
Date Public
2017-08-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2017-26"
},
{
"name": "100088",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100088"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Protector",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "prior to 8.17 and 9.09"
}
]
}
],
"datePublic": "2017-08-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-16T15:57:01.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2017-26"
},
{
"name": "100088",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100088"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-08-02T00:00:00",
"ID": "CVE-2017-5808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Protector",
"version": {
"version_data": [
{
"version_value": "prior to 8.17 and 9.09"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us"
},
{
"name": "https://www.tenable.com/security/research/tra-2017-26",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-26"
},
{
"name": "100088",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100088"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2017-5808",
"datePublished": "2018-02-15T22:00:00.000Z",
"dateReserved": "2017-02-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:26:50.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5807 (GCVE-0-2017-5807)
Vulnerability from nvd – Published: 2018-02-15 22:00 – Updated: 2024-09-17 00:06
VLAI
Summary
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
Severity
No CVSS data available.
CWE
- Remote Arbitrary Code Execution
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| https://www.tenable.com/security/research/tra-2017-26 | x_refsource_MISC |
| http://www.securityfocus.com/bid/100088 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hewlett Packard Enterprise | Data Protector |
Affected:
prior to 8.17 and 9.09
|
Date Public
2017-08-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2017-26"
},
{
"name": "100088",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100088"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Protector",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "prior to 8.17 and 9.09"
}
]
}
],
"datePublic": "2017-08-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-16T15:57:01.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2017-26"
},
{
"name": "100088",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100088"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-08-02T00:00:00",
"ID": "CVE-2017-5807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Protector",
"version": {
"version_data": [
{
"version_value": "prior to 8.17 and 9.09"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us"
},
{
"name": "https://www.tenable.com/security/research/tra-2017-26",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-26"
},
{
"name": "100088",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100088"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2017-5807",
"datePublished": "2018-02-15T22:00:00.000Z",
"dateReserved": "2017-02-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:06:21.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2008 (GCVE-0-2016-2008)
Vulnerability from nvd – Published: 2016-04-21 10:00 – Updated: 2024-08-05 23:17
VLAI
Summary
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1035631 | vdb-entryx_refsource_SECTRACK |
Date Public
2016-04-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035631"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035631"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035631"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2008",
"datePublished": "2016-04-21T10:00:00.000Z",
"dateReserved": "2016-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2007 (GCVE-0-2016-2007)
Vulnerability from nvd – Published: 2016-04-21 10:00 – Updated: 2024-08-05 23:17
VLAI
Summary
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-16-247 | x_refsource_MISC |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1035631 | vdb-entryx_refsource_SECTRACK |
Date Public
2016-04-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-247"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035631"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-247"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035631"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-247",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-247"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035631"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2007",
"datePublished": "2016-04-21T10:00:00.000Z",
"dateReserved": "2016-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2006 (GCVE-0-2016-2006)
Vulnerability from nvd – Published: 2016-04-21 10:00 – Updated: 2024-08-05 23:17
VLAI
Summary
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-16-246 | x_refsource_MISC |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1035631 | vdb-entryx_refsource_SECTRACK |
Date Public
2016-04-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-246"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035631"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-246"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035631"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-246",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-246"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035631"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2006",
"datePublished": "2016-04-21T10:00:00.000Z",
"dateReserved": "2016-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2005 (GCVE-0-2016-2005)
Vulnerability from nvd – Published: 2016-04-21 10:00 – Updated: 2024-08-05 23:17
VLAI
Summary
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-16-245 | x_refsource_MISC |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1035631 | vdb-entryx_refsource_SECTRACK |
Date Public
2016-04-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-245"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035631"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-245"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035631"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-245",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-245"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1035631",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035631"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2005",
"datePublished": "2016-04-21T10:00:00.000Z",
"dateReserved": "2016-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2004 (GCVE-0-2016-2004)
Vulnerability from nvd – Published: 2016-04-21 10:00 – Updated: 2024-08-05 23:17
VLAI
Summary
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/267328 | third-party-advisoryx_refsource_CERT-VN |
| https://www.exploit-db.com/exploits/39874/ | exploitx_refsource_EXPLOIT-DB |
| http://packetstormsecurity.com/files/137199/HP-Da… | x_refsource_MISC |
| http://packetstormsecurity.com/files/137341/HP-Da… | x_refsource_MISC |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | x_refsource_CONFIRM |
| https://www.exploit-db.com/exploits/39858/ | exploitx_refsource_EXPLOIT-DB |
| http://www.securitytracker.com/id/1035631 | vdb-entryx_refsource_SECTRACK |
Date Public
2016-04-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:49.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#267328",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/267328"
},
{
"name": "39874",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39874/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137199/HP-Data-Protector-A.09.00-Command-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137341/HP-Data-Protector-Encrypted-Communication-Remote-Command-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "39858",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39858/"
},
{
"name": "1035631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035631"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#267328",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/267328"
},
{
"name": "39874",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39874/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137199/HP-Data-Protector-A.09.00-Command-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137341/HP-Data-Protector-Encrypted-Communication-Remote-Command-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "39858",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39858/"
},
{
"name": "1035631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035631"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#267328",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/267328"
},
{
"name": "39874",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39874/"
},
{
"name": "http://packetstormsecurity.com/files/137199/HP-Data-Protector-A.09.00-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137199/HP-Data-Protector-A.09.00-Command-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/137341/HP-Data-Protector-Encrypted-Communication-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137341/HP-Data-Protector-Encrypted-Communication-Remote-Command-Execution.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "39858",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39858/"
},
{
"name": "1035631",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035631"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2004",
"datePublished": "2016-04-21T10:00:00.000Z",
"dateReserved": "2016-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:49.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5160 (GCVE-0-2014-5160)
Vulnerability from nvd – Published: 2014-08-01 10:00 – Updated: 2024-08-06 11:34 Disputed
VLAI
Summary
Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://zerodayinitiative.com/advisories/ZDI-14-262/ | x_refsource_MISC |
| http://zerodayinitiative.com/advisories/ZDI-14-263/ | x_refsource_MISC |
Date Public
2014-07-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-262/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-263/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is \"by design."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-08-01T03:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-262/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-263/"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is \"by design.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zerodayinitiative.com/advisories/ZDI-14-262/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-262/"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-14-263/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-263/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5160",
"datePublished": "2014-08-01T10:00:00.000Z",
"dateReserved": "2014-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2399 (GCVE-0-2011-2399)
Vulnerability from nvd – Published: 2011-08-01 19:00 – Updated: 2024-08-06 23:00
VLAI
Summary
Unspecified vulnerability in the Media Management Daemon (mmd) in HP Data Protector 6.11 and earlier allows remote attackers to cause a denial of service via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=131188787531606&w=2 | vendor-advisoryx_refsource_HP |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/48917 | vdb-entryx_refsource_BID |
| http://securityreason.com/securityalert/8320 | third-party-advisoryx_refsource_SREASON |
| http://www.securitytracker.com/id?1025857 | vdb-entryx_refsource_SECTRACK |
Date Public
2011-07-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:33.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT100346",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131188787531606\u0026w=2"
},
{
"name": "hp-openview-mmd-dos(68865)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68865"
},
{
"name": "48917",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48917"
},
{
"name": "8320",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8320"
},
{
"name": "1025857",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025857"
},
{
"name": "HPSBMU02669",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131188787531606\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-07-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Media Management Daemon (mmd) in HP Data Protector 6.11 and earlier allows remote attackers to cause a denial of service via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "SSRT100346",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131188787531606\u0026w=2"
},
{
"name": "hp-openview-mmd-dos(68865)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68865"
},
{
"name": "48917",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48917"
},
{
"name": "8320",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8320"
},
{
"name": "1025857",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025857"
},
{
"name": "HPSBMU02669",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131188787531606\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-2399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Media Management Daemon (mmd) in HP Data Protector 6.11 and earlier allows remote attackers to cause a denial of service via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT100346",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=131188787531606\u0026w=2"
},
{
"name": "hp-openview-mmd-dos(68865)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68865"
},
{
"name": "48917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48917"
},
{
"name": "8320",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8320"
},
{
"name": "1025857",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025857"
},
{
"name": "HPSBMU02669",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=131188787531606\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2011-2399",
"datePublished": "2011-08-01T19:00:00.000Z",
"dateReserved": "2011-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:00:33.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0924 (GCVE-0-2011-0924)
Vulnerability from nvd – Published: 2011-02-09 00:00 – Updated: 2024-08-06 22:05
VLAI
Summary
The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://dvlabs.tippingpoint.com/blog/2011/02/07/zd… | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=130391284726795&w=2 | vendor-advisoryx_refsource_HP |
| http://www.vupen.com/english/advisories/2011/0308 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/516258/100… | mailing-listx_refsource_BUGTRAQ |
| http://zerodayinitiative.com/advisories/ZDI-11-054/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/46234 | vdb-entryx_refsource_BID |
Date Public
2011-02-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "20110207 ZDI-11-054: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516258/100/0/threaded"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-054/"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46234"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "20110207 ZDI-11-054: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516258/100/0/threaded"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-054/"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46234"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "ADV-2011-0308",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "20110207 ZDI-11-054: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516258/100/0/threaded"
},
{
"name": "HPSBMA02654",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-054/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-054/"
},
{
"name": "46234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46234"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0924",
"datePublished": "2011-02-09T00:00:00.000Z",
"dateReserved": "2011-02-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:05:54.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0923 (GCVE-0-2011-0923)
Vulnerability from nvd – Published: 2011-02-09 00:00 – Updated: 2024-08-06 22:05
VLAI
Summary
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://dvlabs.tippingpoint.com/blog/2011/02/07/zd… | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=130391284726795&w=2 | vendor-advisoryx_refsource_HP |
| http://securityreason.com/securityalert/8261 | third-party-advisoryx_refsource_SREASON |
| http://www.vupen.com/english/advisories/2011/0308 | vdb-entryx_refsource_VUPEN |
| http://securityreason.com/securityalert/8323 | third-party-advisoryx_refsource_SREASON |
| http://zerodayinitiative.com/advisories/ZDI-11-055/ | x_refsource_MISC |
| http://securityreason.com/securityalert/8329 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/46234 | vdb-entryx_refsource_BID |
Date Public
2011-02-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "8261",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8261"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "8323",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8323"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-055/"
},
{
"name": "8329",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8329"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46234"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the \"local bin directory.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-08-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "8261",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8261"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "8323",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8323"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-055/"
},
{
"name": "8329",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8329"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46234"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the \"local bin directory.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "8261",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8261"
},
{
"name": "ADV-2011-0308",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "8323",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8323"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-055/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-055/"
},
{
"name": "8329",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8329"
},
{
"name": "46234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46234"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0923",
"datePublished": "2011-02-09T00:00:00.000Z",
"dateReserved": "2011-02-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:05:54.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0922 (GCVE-0-2011-0922)
Vulnerability from nvd – Published: 2011-02-09 00:00 – Updated: 2024-08-06 22:05
VLAI
Summary
The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://dvlabs.tippingpoint.com/blog/2011/02/07/zd… | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=130391284726795&w=2 | vendor-advisoryx_refsource_HP |
| http://zerodayinitiative.com/advisories/ZDI-11-056/ | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2011/0308 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/46234 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/516272/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2011-02-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-056/"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46234"
},
{
"name": "20110207 ZDI-11-056: Hewlett-Packard Data Protector Client EXEC_SETUP Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516272/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-056/"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46234"
},
{
"name": "20110207 ZDI-11-056: Hewlett-Packard Data Protector Client EXEC_SETUP Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516272/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-056/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-056/"
},
{
"name": "ADV-2011-0308",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "46234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46234"
},
{
"name": "20110207 ZDI-11-056: Hewlett-Packard Data Protector Client EXEC_SETUP Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516272/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0922",
"datePublished": "2011-02-09T00:00:00.000Z",
"dateReserved": "2011-02-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:05:54.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0921 (GCVE-0-2011-0921)
Vulnerability from nvd – Published: 2011-02-09 00:00 – Updated: 2024-08-06 22:05
VLAI
Summary
crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://dvlabs.tippingpoint.com/blog/2011/02/07/zd… | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=130391284726795&w=2 | vendor-advisoryx_refsource_HP |
| http://www.vupen.com/english/advisories/2011/0308 | vdb-entryx_refsource_VUPEN |
| http://zerodayinitiative.com/advisories/ZDI-11-057/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/46234 | vdb-entryx_refsource_BID |
Date Public
2011-02-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-057/"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46234"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-08-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-057/"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46234"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "ADV-2011-0308",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-057/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-057/"
},
{
"name": "46234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46234"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0921",
"datePublished": "2011-02-09T00:00:00.000Z",
"dateReserved": "2011-02-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:05:54.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}