CVE-2011-1736 Information

Description

Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00 6.10 and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message.

Reference

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240 http://osvdb.org/72195 http://secunia.com/advisories/44402 http://www.securityfocus.com/archive/1/517772/100/0/threaded http://www.securityfocus.com/bid/47638 http://www.securitytracker.com/id?1025454 http://zerodayinitiative.com/advisories/ZDI-11-152/ https://exchange.xforce.ibmcloud.com/vulnerabilities/67209