CVSS: 10.0EPSS: 73%CPEs: 3EXPL: 0CVE-2008-2438
https://notcve.org/view.php?id=CVE-2008-2438
Integer overflow in ovalarmsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted command to TCP port 2954, which triggers a heap-based buffer overflow. El desbordamiento de enteros en el archivo ovalarmsrv.exe en OpenView Network Node Manager (OV NNM) de HP versiones 7.01, 7.51 y 7.53, permite a los atacantes remotos ejecutar código arbitrario por medio de un comando diseñado al puerto TCP 2954, conllevando a un desbordamiento de búfer en la región heap de la memoria. • http://osvdb.org/54107 http://secunia.com/secunia_research/2008-38 http://www.securityfocus.com/archive/1/503024 http://www.securityfocus.com/archive/1/503039/100/0/threaded http://www.securityfocus.com/bid/34738 http://www.vupen.com/english/advisories/2009/1187 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 4%CPEs: 12EXPL: 0CVE-2008-4562
https://notcve.org/view.php?id=CVE-2008-4562
Buffer overflow in the ovlaunch CGI program in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 on Windows allows remote attackers to execute arbitrary code via a crafted Host parameter. NOTE: this issue may be partially covered by CVE-2009-0205. Desbordamiento de búfer en el programa CGI en HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, y v7.53 sobre Windows, permite a atacantes remotos ejecutar código de su elección a través del parámetro "Host" manipulado. NOTA: esta cuestión se encuentra parcialmente tratado en el CVE-2009-0205. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01661610 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=772 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2008-4560
https://notcve.org/view.php?id=CVE-2008-4560
HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to obtain sensitive information via (1) a crafted request to the nnmRptConfig.exe CGI program, which reveals the pathname of log directories; or (2) a crafted parameter in a request to the ovlaunch.exe CGI program, which reveals configuration details. NOTE: this issue may be partially covered by CVE-2009-0205. HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, y v7.53, permite a atacantes remotos obtener información sensible a través de de (1)un petición manipulada al programa CGI nnmRptConfig.exe, que revela la ruta de los directorios de log; o (2) un parámetro manipulado en una petición al programa CGI ovlaunch.exe, que muestra detalles de la configuración. NOTA: esta cuestión se encuentra parcialmente tratado en el CVE-2009-0205. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01661610 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=771 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 4%CPEs: 12EXPL: 0CVE-2008-4559
https://notcve.org/view.php?id=CVE-2008-4559
HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205. HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, y v7.53, permite a atacantes remotos ejecutar código de su elección a través de caracteres de consola en los campos de argumentos a los programas CGI (1) webappmon.exe o (2) OpenView5.exe NOTA: esta cuestión se encuentra parcialmente tratado en el CVE-2009-0205. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01661610 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=770 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 83%CPEs: 1EXPL: 1CVE-2008-0067 – HP OpenView Network Node Manager (OV NNM) - 'Toolbar.exe' CGI Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0067
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program. Múltiples desbordamientos de búfer basados en pila en HP OpenView Network Node Manager (OV NNM) v7.51 permite a atacantes remotos ejecutar código de su elección a través de (1) parámetros de cadenas largas del programa CGI OpenView5.exe; (2) un parámetro de cadena larga del programa CGI OpenView5.exe, relacionado con ov.dll; o un parámetro de cadena larga de los programas CGI (3) getcvdata.exe, (4) ovlaunch.exe, o (5) Toolbar.exe. • https://www.exploit-db.com/exploits/16795 http://marc.info/?l=bugtraq&m=123247393715913&w=2 http://secunia.com/advisories/28074 http://secunia.com/secunia_research/2008-13 http://securityreason.com/securityalert/4885 http://securityreason.com/securityalert/8307 http://securitytracker.com/id?1021521 http://www.securityfocus.com/archive/1/499826/100/0/threaded http://www.securityfocus.com/bid/33147 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •