80 results (0.011 seconds)

CVSS: 10.0EPSS: 65%CPEs: 2EXPL: 0

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1208. Una vulnerabilidad no especificada en HP OpenView Network Node Manager (OV NNM) v7.51 y v7.53 permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos, también conocido como ZDI-CAN-1208. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within nnmRotConfig.exe CGI program. When processing crafted nameParams parameters, there exists an insufficient boundary check that can lead to a insufficient heap buffer, enabling a heap overflow. • http://marc.info/?l=bugtraq&m=132017799623289&w=2 http://securityreason.com/securityalert/8484 http://www.securitytracker.com/id?1026260 •

CVSS: 10.0EPSS: 95%CPEs: 2EXPL: 1

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210. Vunerabilidad sin especificr en HP OpenView Network Node Manager (OV NNM) 7.51 y 7.53 permite a atacantes remotos ejeuctar código arbitrario a través de vectores desconocidos, también conocido como ZDI-CAN-1210. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within ov.dll. When processing a user supplied file name for the textFile option, there exists an insufficient boundary check before supplying the value to a format string within _OVBuildPath, causing a stack overflow. • https://www.exploit-db.com/exploits/18388 http://marc.info/?l=bugtraq&m=132017799623289&w=2 http://securityreason.com/securityalert/8484 http://www.securitytracker.com/id?1026260 •

CVSS: 10.0EPSS: 65%CPEs: 2EXPL: 0

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1209. Vulnerabilidad no especificada en HP OpenView Network Node Manager (OV NNM) v7.51 y v7.53 permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos. También conocido como ZDI-CAN-1209. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within webappmon.exe CGI program. • http://marc.info/?l=bugtraq&m=132017799623289&w=2 http://securityreason.com/securityalert/8484 http://www.securitytracker.com/id?1026260 •

CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0

The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to a "command injection vulnerability." Los scripts CGI en HP OpenView Network Node Manager (OV NNM) v7.51 y v7.53 no validan correctamente un parámetro no especificado, el cual permite a atacantes remotos ejecutar código arbitrario mediante un comando string para el valor de este parámetro, relacionado con "vulnerabilidad de inyección de comando" • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=887 http://www.securityfocus.com/archive/1/515628 http://www.securityfocus.com/bid/45762 http://www.securitytracker.com/id?1024951 http://www.vupen.com/english/advisories/2011/0085 https://exchange.xforce.ibmcloud.com/vulnerabilities/64657 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0EPSS: 96%CPEs: 2EXPL: 1

Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long nameParams parameter, a different vulnerability than CVE-2011-0267.2. Desbordamiento de búfer en nnmRptConfig.exe en HP OpenView Network Node Manager (OV NNM) v7.51 y v7.53 permite a atacantes remotos ejecutar código arbitrario mediante un parámetro namePArams largo, una vulnerabilidad diferente a CVE-2011-0267.2. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nnmRptConfig.exe module exposed by the webserver that listens by default on TCP port 80. A remote user can send an oversized nameParams parameter via a POST request to one of the CGI functions of NNM to trigger a buffer overflow in this module. • https://www.exploit-db.com/exploits/17028 http://securityreason.com/securityalert/8151 http://www.securityfocus.com/archive/1/515628 http://www.securityfocus.com/bid/45762 http://www.securitytracker.com/id?1024951 http://www.vupen.com/english/advisories/2011/0085 http://www.zerodayinitiative.com/advisories/ZDI-11-008 https://exchange.xforce.ibmcloud.com/vulnerabilities/64650 - • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •