CVE-2011-0923
HP Data Protector - Improper Input Validation
Title source: ruleDescription
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."
Exploits (7)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/18521
exploitdb
WORKING POC
VERIFIED
by fdiskyou · pythonremotewindows
https://www.exploit-db.com/exploits/17339
exploitdb
WORKING POC
by Alessandro Di Pinto & Claudio Moletta · pythonremotewindows
https://www.exploit-db.com/exploits/27400
exploitdb
WORKING POC
by Adrian Puente Z. · bashremotehp-ux
https://www.exploit-db.com/exploits/17614
metasploit
WORKING POC
by ch0ks, c4an, wireghoul, sinn3r · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/hp/hp_data_protector_cmd.rb
metasploit
WORKING POC
EXCELLENT
by ch0ks, c4an, wireghoul, Javier Ignacio · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/hp_data_protector_cmd_exec.rb
References (8)
Scores
EPSS
0.8989
EPSS Percentile
99.6%
Details
CWE
CWE-20
Status
published
Products (1)
hp/data_protector
Published
Feb 09, 2011
Tracked Since
Feb 18, 2026