Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote malicious users to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hp data protector 6.11 |
||
hp data protector 6.10 |