CVE-2011-3160

Related Files

Zero Day Initiative Advisory 11-322

Posted Nov 8, 2011

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-322 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogCopyOperation which does not properly validate or sanitize the copyStatus field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

tags | advisory, remote, web, arbitrary, tcp

advisories | CVE-2011-3160

SHA-256 | 6a74ac0937627315840074635634fc8916adb3f1765ec2c6c4f7a632a54c4f61

Download | Favorite | View

HP Security Bulletin HPSBMU02716 SSRT100651

Posted Oct 20, 2011

Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02716 SSRT100651 - Potential security vulnerabilities has been identified with HP Data Protector Notebook Extension. These vulnerabilities could be remotely exploited to allow execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability

advisories | CVE-2011-3156, CVE-2011-3157, CVE-2011-3158, CVE-2011-3159, CVE-2011-3160, CVE-2011-3161, CVE-2011-3162

SHA-256 | b7853ac47e9218a7955989ca50fa8ca63e277aa9d5506ea37926e5b1dba524da

Download | Favorite | View