CVSS: 10.0EPSS: 73%CPEs: 3EXPL: 0CVE-2008-2438
https://notcve.org/view.php?id=CVE-2008-2438
Integer overflow in ovalarmsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted command to TCP port 2954, which triggers a heap-based buffer overflow. El desbordamiento de enteros en el archivo ovalarmsrv.exe en OpenView Network Node Manager (OV NNM) de HP versiones 7.01, 7.51 y 7.53, permite a los atacantes remotos ejecutar código arbitrario por medio de un comando diseñado al puerto TCP 2954, conllevando a un desbordamiento de búfer en la región heap de la memoria. • http://osvdb.org/54107 http://secunia.com/secunia_research/2008-38 http://www.securityfocus.com/archive/1/503024 http://www.securityfocus.com/archive/1/503039/100/0/threaded http://www.securityfocus.com/bid/34738 http://www.vupen.com/english/advisories/2009/1187 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 4%CPEs: 12EXPL: 0CVE-2008-4562
https://notcve.org/view.php?id=CVE-2008-4562
Buffer overflow in the ovlaunch CGI program in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 on Windows allows remote attackers to execute arbitrary code via a crafted Host parameter. NOTE: this issue may be partially covered by CVE-2009-0205. Desbordamiento de búfer en el programa CGI en HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, y v7.53 sobre Windows, permite a atacantes remotos ejecutar código de su elección a través del parámetro "Host" manipulado. NOTA: esta cuestión se encuentra parcialmente tratado en el CVE-2009-0205. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01661610 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=772 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2008-4560
https://notcve.org/view.php?id=CVE-2008-4560
HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to obtain sensitive information via (1) a crafted request to the nnmRptConfig.exe CGI program, which reveals the pathname of log directories; or (2) a crafted parameter in a request to the ovlaunch.exe CGI program, which reveals configuration details. NOTE: this issue may be partially covered by CVE-2009-0205. HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, y v7.53, permite a atacantes remotos obtener información sensible a través de de (1)un petición manipulada al programa CGI nnmRptConfig.exe, que revela la ruta de los directorios de log; o (2) un parámetro manipulado en una petición al programa CGI ovlaunch.exe, que muestra detalles de la configuración. NOTA: esta cuestión se encuentra parcialmente tratado en el CVE-2009-0205. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01661610 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=771 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 4%CPEs: 12EXPL: 0CVE-2008-4559
https://notcve.org/view.php?id=CVE-2008-4559
HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205. HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, y v7.53, permite a atacantes remotos ejecutar código de su elección a través de caracteres de consola en los campos de argumentos a los programas CGI (1) webappmon.exe o (2) OpenView5.exe NOTA: esta cuestión se encuentra parcialmente tratado en el CVE-2009-0205. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01661610 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=770 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 40%CPEs: 4EXPL: 3CVE-2008-3544 – HP OpenView Network Node Manager (OV NNM) 7.53 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-3544
Multiple stack-based buffer overflows in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, and possibly 7.01, 7.50, and 7.53, allow remote attackers to execute arbitrary code via a long (1) REQUEST_SEV_CHANGE (aka number 47), (2) REQUEST_SAVE_STATE (aka number 61), or (3) REQUEST_RESTORE_STATE (aka number 62) request to TCP port 2954. Múltiples desbordamientos de bufer basados en pila en ovalarmsrv de HP OpenView Network Node Manager(OV NNM) 7.51, 7.01 y, posiblemente, 7.50 y 7.53, permiten a atacantes remotos ejecutar código arbitrario a través de peticiones excesivamente largas a (1) REQUEST_SEV_CHANGE (alias número 47), ( 2) REQUEST_SAVE_STATE (alias número 61), o (3) REQUEST_RESTORE_STATE (alias número 62) al puerto TCP 2954. • https://www.exploit-db.com/exploits/5396 http://aluigi.altervista.org/adv/closedview_old-adv.txt http://downloads.securityfocus.com/vulnerabilities/exploits/28668.c http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01537275 http://secunia.com/advisories/31688 http://securityreason.com/securityalert/4397 http://www.securityfocus.com/archive/1/490541 http://www.securityfocus.com/bid/28668 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •