CVE-2001-0311
published 2001-06-02CVE-2001-0311: Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.
PriorityP428medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EXPLOIT
EPSS
11.64%
95.5th percentile
Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | hp-ux | <= 11 | — |
| hp | omniback_ii | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
HP OpenView OmniBack II - Command Execution (Metasploit)
exploitdb·2010-09-20
CVE-2001-0311 HP OpenView OmniBack II - Command Execution (Metasploit)
HP OpenView OmniBack II - Command Execution (Metasploit)
---
##
# $Id: openview_omniback_exec.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'HP OpenView OmniBack II Command Execution',
'Description' => %q{
This module uses a vulnerability in the OpenView Omniback II
service to execute arbitrary commands. This vulnerability was
discovered by DiGiT and his code was used as the basis for this
module.
For Microsoft Windows targets, due to module limitations, use the
"unix/cmd/generic" payload and set CMD
Exploit-DB
HP OpenView OmniBack II A.03.50 - Command Execution (Metasploit)
exploitdb·2001-02-28
CVE-2001-0311 HP OpenView OmniBack II A.03.50 - Command Execution (Metasploit)
HP OpenView OmniBack II A.03.50 - Command Execution (Metasploit)
---
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'HP OpenView OmniBack II Command Execution',
'Description' => %q{
This module uses a vulnerability in the OpenView Omniback II
service to execute arbitrary commands. This vulnerability was
discovered by DiGiT and his code was used as the basis for this
module.
For Microsoft Windows targets, due to module limitations, use the
"unix/cmd/generic" payload and set CMD to your command. You can only
pass a small amount o
Exploit-DB
HP OpenView OmniBack II - Generic Remote Command Execution
exploitdb·2000-12-21
CVE-2001-0311 HP OpenView OmniBack II - Generic Remote Command Execution
HP OpenView OmniBack II - Generic Remote Command Execution
---
/*
* HP OpenView OmniBack II generic remote Exploit by DiGiT - [email protected]
*
* Omniback is a network backup system by HP, widely used.
* took me some time to figure out how omniback communicated then it was just
* a matter of finding a bug.
*
* This lovely little exploit will give you a remote "shell" of sorts, you
* can execute any command on the system.
*
* As far as I can tell this thing is vuln on every Omniback I have seen.
* I've tried HP-UX, Linux so far, with diff versions etc. It needs some change
* to work on windows, but should very extremly easy, be creative.
*
* Greets, #!security.is, #!ADM#$%$#, #hax & HP systems for this proggie ;>
*
* - DiGiT [[email protected]]
*
* I'm releasing this because it leaked and
Metasploit
HP OpenView OmniBack II Command Execution
metasploit
HP OpenView OmniBack II Command Execution
HP OpenView OmniBack II Command Execution
This module uses a vulnerability in the OpenView Omniback II service to execute arbitrary commands. This vulnerability was discovered by DiGiT and his code was used as the basis for this module. For Microsoft Windows targets, due to module limitations, use the "unix/cmd/generic" payload and set CMD to your command. You can only pass a small amount of characters (4) to the command line on Windows.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/hp/2001-q1/0022.htmlhttp://archives.neohapsis.com/archives/hp/2001-q1/0023.htmlhttp://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0102-142https://exchange.xforce.ibmcloud.com/vulnerabilities/6434http://archives.neohapsis.com/archives/hp/2001-q1/0022.htmlhttp://archives.neohapsis.com/archives/hp/2001-q1/0023.htmlhttp://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0102-142https://exchange.xforce.ibmcloud.com/vulnerabilities/6434
2001-06-02
Published