CVE-2011-0923

EPSS 81.1%

The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."

Affected products

n/a · n/a

public PoCs found — 5

exploitdbwww.exploit-db.com/exploits/17614unverified exploitdbwww.exploit-db.com/exploits/27400unverified exploitdbwww.exploit-db.com/exploits/18521unverified exploitdbwww.exploit-db.com/exploits/17339unverified exploitdbwww.exploit-db.com/exploits/17648unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp http://marc.info/?l=bugtraq&m=130391284726795&w=2 http://securityreason.com/securityalert/8261 http://securityreason.com/securityalert/8323 http://securityreason.com/securityalert/8329 http://www.securityfocus.com/bid/46234 http://www.vupen.com/english/advisories/2011/0308 http://zerodayinitiative.com/advisories/ZDI-11-055/