CVE-2011-3161

Related Files

Zero Day Initiative Advisory 11-327

Posted Nov 8, 2011

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-327 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogBackupLocationStatus which does not properly validate or sanitize the backupLocationStatus field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

tags | advisory, remote, web, arbitrary, tcp

advisories | CVE-2011-3161

SHA-256 | dcedd1f5279bffe71ebb152a88eb1b63bd0865f88191f86b8f3a11151ef3fbff

Download | Favorite | View

HP Security Bulletin HPSBMU02716 SSRT100651

Posted Oct 20, 2011

Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02716 SSRT100651 - Potential security vulnerabilities has been identified with HP Data Protector Notebook Extension. These vulnerabilities could be remotely exploited to allow execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability

advisories | CVE-2011-3156, CVE-2011-3157, CVE-2011-3158, CVE-2011-3159, CVE-2011-3160, CVE-2011-3161, CVE-2011-3162

SHA-256 | b7853ac47e9218a7955989ca50fa8ca63e277aa9d5506ea37926e5b1dba524da

Download | Favorite | View