header-logo
Suggest Exploit
vendor:
OpenView Radia Management Portal
by:
SecurityFocus
8.8
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: OpenView Radia Management Portal
Affected Version From: Not Specified
Affected Version To: Not Specified
Patch Exists: YES
Related CWE: CVE-2004-0753
CPE: a:hp:openview_radia_management_portal
Metasploit: https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2004-0753/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, UNIX
2004

HP OpenView Radia Management Portal Remote Command Execution Vulnerability

A remote command execution vulnerability affects HP OpenView Radia Management Portal. This issue is due to a failure of the application to properly secure access to critical functionality. This is due to a directory traversal issue that will permit a remote user to execute any program on the affected computer. An unauthenticated, remote attacker may leverage this issue to execute arbitrary commands on an affected computer with Local System privileges on the Microsoft Windows platform and elevated privileges on UNIX-based platforms.

Mitigation:

Upgrade to the latest version of HP OpenView Radia Management Portal.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13414/info

A remote command execution vulnerability affects HP OpenView Radia Management Portal. This issue is due to a failure of the application to properly secure access to critical functionality. This is due to a directory traversal issue that will permit a remote user to execute any program on the affected computer.

An unauthenticated, remote attacker may leverage this issue to execute arbitrary commands on an affected computer with Local System privileges on the Microsoft Windows platform and elevated privileges on UNIX-based platforms. 

bash$ printf "\x00\x00\x00../../windows/system32/whoami.exe\x00" | nc -v
xx.xx.xx.xx 1065

Navigation

Suggest Exploit

Services By CQR