CVSS: 7.8EPSS: 6%CPEs: 2EXPL: 2CVE-2008-1852
https://notcve.org/view.php?id=CVE-2008-1852
ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain requests that specify a large number of sub-arguments, which triggers a NULL pointer dereference due to memory allocation failure. ovalarmsrv en HP OpenView Network Node Manager (OV NNM) 7.51, 7.53 y posiblemente otras versiones permite a atacantes remotos provocar una denegación de servicio (caída) a través de ciertas peticiones que especifican un número grande de sub-argumentos, lo que dispara una referencia a un puntero NULO debido a un fallo de asignación de memoria. • http://aluigi.altervista.org/adv/closedviewx-adv.txt http://secunia.com/advisories/29796 http://www.securityfocus.com/archive/1/490771 http://www.securityfocus.com/bid/28745 http://www.securitytracker.com/id?1019839 http://www.vupen.com/english/advisories/2008/1214/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41695 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 5%CPEs: 2EXPL: 1CVE-2008-1851
https://notcve.org/view.php?id=CVE-2008-1851
ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (hang) via certain requests that do not provide all required arguments. ovalarmsrv de HP OpenView Network Node Manager (OV NNM) 7.51, 7.53 y puede que también en otras versiones; permite a atacantes remotos provocar una denegación de servicio (cuelgue) mediante ciertas solicitudes que no proporcionan todos los argumentos necesarios. • http://aluigi.altervista.org/adv/closedviewx-adv.txt http://secunia.com/advisories/29796 http://www.securityfocus.com/archive/1/490771 http://www.securityfocus.com/bid/28745 http://www.securitytracker.com/id?1019839 http://www.vupen.com/english/advisories/2008/1214/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41694 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 20%CPEs: 17EXPL: 2CVE-2008-1842 – HP OpenView Network Node Manager 7.x - 'ovspmd' Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-1842
Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow. Error en la propiedad signedness de enteros en el archivo ovspmd.exe en HP OpenView Network Node Manager (OV NNM) versiones 8.01 y 7.53 y anteriores, permite a los atacantes remotos causar una denegación de servicio (bloqueo del demonio) o ejecutar código arbitrario por medio de una petición larga al puerto TCP 8886 que comienza con un determinado entero negativo, que pasa una comparación firmada y desencadena un desbordamiento de búfer en la región heap de la memoria. • https://www.exploit-db.com/exploits/31629 http://aluigi.altervista.org/adv/closedview-adv.txt http://aluigi.org/poc/closedview.zip http://marc.info/?l=bugtraq&m=121321155405849&w=2 http://secunia.com/advisories/29713 http://securitytracker.com/id?1019821 http://www.securityfocus.com/archive/1/493781/100/0/threaded http://www.securityfocus.com/bid/28689 http://www.vupen.com/english/advisories/2008/1159 https://exchange.xforce.ibmcloud.com/vulnerabilities/41737 • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 96%CPEs: 2EXPL: 3CVE-2008-0068 – HP OpenView Network Node Manager (OV NNM) 7.x - 'OpenView5.exe?Action' Traversal Arbitrary File Access
https://notcve.org/view.php?id=CVE-2008-0068
Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter. Una vulnerabilidad de salto de directorio en el archivo OpenView5.exe en HP OpenView Network Node Manager (OV NNM) versiones 7.01, 7.51 y 7.53, permite a los atacantes remotos leer archivos arbitrarios por medio secuencias de salto de directorio en el parámetro Action. • https://www.exploit-db.com/exploits/31638 http://aluigi.altervista.org/adv/closedviewx-adv.txt http://marc.info/?l=bugtraq&m=121553649611253&w=2 http://secunia.com/advisories/29796 http://secunia.com/secunia_research/2008-4/advisory http://securityreason.com/securityalert/3814 http://www.osvdb.org/44359 http://www.securityfocus.com/archive/1/490771 http://www.securityfocus.com/archive/1/490834/100/0/threaded http://www.securityfocus.com/bid/28745 http://www.securitytrac • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 95%CPEs: 3EXPL: 4CVE-2008-1697 – HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'OVAS.exe' Overflow (SEH)
https://notcve.org/view.php?id=CVE-2008-1697
Stack-based buffer overflow in ovwparser.dll in HP OpenView Network Node Manager (OV NNM) 7.53, 7.51, and earlier allows remote attackers to execute arbitrary code via a long URI in an HTTP request processed by ovas.exe, as demonstrated by a certain topology/homeBaseView request. NOTE: some of these details are obtained from third party information. Un desbordamiento de búfer en la región stack de la memoria en la biblioteca ovwparser.dll en HP OpenView Network Node Manager (OV NNM) versiones 7.53, 7.51 y anteriores, permite a los atacantes remotos ejecutar código arbitrario por medio de un URI largo en una petición HTTP procesada por el archivo ovas.exe, como es demostrado por una determinada petición de topology/homeBaseView. NOTA: algunos de estos datos fueron obtenidos de la información de terceros. • https://www.exploit-db.com/exploits/5342 https://www.exploit-db.com/exploits/16774 http://marc.info/?l=bugtraq&m=121553626110871&w=2 http://secunia.com/advisories/29641 http://www.offensive-security.com/0day/hp-nnm-ov.py.txt http://www.securityfocus.com/bid/28569 http://www.securitytracker.com/id?1019782 http://www.vupen.com/english/advisories/2008/1085/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41600 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •