CVSS: 9.8EPSS: 27%CPEs: 3EXPL: 1CVE-2010-1033 – HP Operations Manager 8.16 - 'srcvw4.dll' 'LoadFile()'/'SaveFile()' Remote Unicode Stack Overflow (PoC)
https://notcve.org/view.php?id=CVE-2010-1033
21 Apr 2010 — Multiple stack-based buffer overflows in a certain Tetradyne ActiveX control in HP Operations Manager 7.5, 8.10, and 8.16 might allow remote attackers to execute arbitrary code via a long string argument to the (1) LoadFile or (2) SaveFile method, related to srcvw32.dll and srcvw4.dll. Múltiples desbordamientos de búfer basado en pila en el control ActiveX Tetradyne en HP Operations Manager v7.5, v8.10 y anteriores, podría permitir a atacantes remotos ejecutar código de su elección a través de un argumento ... • https://www.exploit-db.com/exploits/12302 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 83%CPEs: 1EXPL: 2CVE-2009-4189 – Apache Tomcat Manager - Application Deployer (Authenticated) Code Execution
https://notcve.org/view.php?id=CVE-2009-4189
03 Dec 2009 — HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3099 and CVE-2009-3843. HP Operations Manager tiene una contraseña por defecto "OvW*busr1" para la cuenta ovwebusr, lo qwue permite a atacantes remotos ejecutar código arbitrario a través de ... • https://packetstorm.news/files/id/125021 • CWE-255: Credentials Management Errors •
CVSS: 10.0EPSS: 86%CPEs: 1EXPL: 2CVE-2009-3843 – Hewlett-Packard Operations Manager Server Backdoor Account Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-3843
20 Nov 2009 — HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload. HP Operations Manager v8.10 de Windows contiene una cuenta oculta en el fichero XML donde se especifican los usuarios de Tomcat, lo que permite a atacantes remotos realizar ataques de... • https://packetstorm.news/files/id/125021 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2009-3099 – HP Operations Manager - Default Manager 8.1 Account Remote Security
https://notcve.org/view.php?id=CVE-2009-3099
08 Sep 2009 — Unspecified vulnerability in HP OpenView Operations Manager 8.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2007-3872. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerabilidad... • https://www.exploit-db.com/exploits/33210 •