Metasploit modules that can be used to exploit HP » Storage Data Protector
-
HP Data Protector 8.10 Remote Command Execution
Disclosure Date: 2014-11-02First seen: 2020-04-26exploit/windows/misc/hp_dataprotector_cmd_execThis module exploits a remote command execution on HP Data Protector 8.10. Arbitrary commands can be executed by sending crafted requests with opcode 28 to the OmniInet service listening on the TCP/5555 port. Since there is a strict length limitation on the command, rundll32.exe is executed, and the payload is provided through a DLL by a fake SMB server. This module has been tested successfully on HP Data Protector 8.1 on Windows 7 SP1. Authors: - Christian Ramirez - Henoch Barrera - Matthew Hall <hallm@sec-1.com> -
HP Data Protector Backup Client Service Remote Code Execution
Disclosure Date: 2014-01-02First seen: 2020-04-26exploit/windows/misc/hp_dataprotector_exec_barThis module abuses the Backup Client Service (OmniInet.exe) to achieve remote code execution. The vulnerability exists in the EXEC_BAR operation, which allows to execute arbitrary processes. This module has been tested successfully on HP Data Protector 6.20 on Windows 2003 SP2 and Windows 2008 R2. Authors: - Aniway.Anyway <Aniway.Anyway@gmail.com> - juan vazquez <juan.vazquez@metasploit.com> -
HP Data Protector Backup Client Service Directory Traversal
Disclosure Date: 2014-01-02First seen: 2020-04-26exploit/windows/misc/hp_dataprotector_traversalThis module exploits a directory traversal vulnerability in the Hewlett-Packard Data Protector product. The vulnerability exists in the Backup Client Service (OmniInet.exe) and is triggered when parsing packets with opcode 42. This module has been tested successfully on HP Data Protector 6.20 on Windows 2003 SP2 and Windows XP SP3. Authors: - Brian Gorenc - juan vazquez <juan.vazquez@metasploit.com> -
HP Data Protector Cell Request Service Buffer Overflow
Disclosure Date: 2013-06-03First seen: 2020-04-26exploit/windows/misc/hp_dataprotector_crsThis module exploits a stack-based buffer overflow in the Hewlett-Packard Data Protector product. The vulnerability, due to the insecure usage of _swprintf, exists at the Cell Request Service (crs.exe) when parsing packets with opcode 211. This module has been tested successfully on HP Data Protector 6.20 and 7.00 on Windows XP SP3. Authors: - e6af8de8b1d4b2b6d5ba2610cbf9cd38 - juan vazquez <juan.vazquez@metasploit.com>
4 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details