CVE-2014-2624 – Hewlett-Packard Network Node Manager ovopi.dll Command 685 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-2624
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2264. Vulnerabilidad no especificada en HP Network Node Manager i (NNMi) 9.0x, 9.1x, y 9.2x permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, también conocido como ZDI-CAN-2264. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within ovopi.dll which listens by default on UDP port 696. When parsing command number 685, the process blindly copies user supplied data which can be used to overwrite a vtable or any arbitrary address. • https://www.exploit-db.com/exploits/34866 http://www.securitytracker.com/id/1030827 https://exchange.xforce.ibmcloud.com/vulnerabilities/95875 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04378450 - •
CVE-2013-6220
https://notcve.org/view.php?id=CVE-2013-6220
Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0, 9.10, and 9.20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en HP Network Node Manager i (NNMi) 9.0, 9.10 y 9.20 permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarios a través de vectores no especificados. • http://www.securitytracker.com/id/1030218 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04273695 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-6218
https://notcve.org/view.php?id=CVE-2013-6218
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en HP Network Node Manager i (NNMi) 9.0x, 9.1x y 9.2x permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04026039 •
CVE-2013-2351 – Hewlett-Packard Network Node Manager I pmd.exe Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-2351
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00, 9.1x, and 9.2x allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. Vulnerabilidad no especificada en HP Network Node Manager i (NNMi) v9.00, v9.1x, y v9.2x permite a atacantes remotos obtener información sensible, modificar datos o provocar una denegación de servicio a través de vectores desconocidos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager i. Authentication is not required to exploit this vulnerability. The specific flaw exists within pmd.exe, which listens by default on TCP port 162. By sending a specially crafted packet to the process, an attacker can provide a size to allocate an undersized buffer which will later be used for a memcpy. • https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03747342 •
CVE-2012-3279
https://notcve.org/view.php?id=CVE-2012-3279
Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en HP Network Node Manager i (NNMi) v8.x, v9.0x, v9.1x, y v9.20, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores desconocidos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03652323 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •