Page 3 of 62 results (0.014 seconds)

CVSS: 10.0EPSS: 85%CPEs: 2EXPL: 0

Stack-based buffer overflow in ovutil.dll in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long COOKIE variable. Desbordamiento de búfer basado en pila en ovutil.dll en HP OpenView Network Node Manager (OV NNM) v7.51 y v7.53, permite a atacantes remotos ejecutar código de su elección a través de una variable COOKIE larga. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the ovutil.dll component which is loaded by the webserver listening by default on TCP port 80. When handling the COOKIE variable passed through a GET request, the process blindly copies user supplied data into a fixed-length buffer on the stack. • http://www.securityfocus.com/archive/1/515628 http://www.securityfocus.com/bid/45762 http://www.securitytracker.com/id?1024951 http://www.vupen.com/english/advisories/2011/0085 http://www.zerodayinitiative.com/advisories/ZDI-11-006 https://exchange.xforce.ibmcloud.com/vulnerabilities/64652 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 85%CPEs: 2EXPL: 0

Multiple stack-based buffer overflows in ovas.exe in the OVAS service in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) Source Node or (2) Destination Node variable. Múltiples desbordamientos de búfer basados en pila en ovas.exe en el servicio OVAS en HP OpenView Network Node Manager (OV NNM) v7.51 y v7.53 permite a atacantes remotos ejecutar código arbitrario mediante una variable (1) Source Node o (2) Destination Node. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the ovas.exe component which listens by default on TCP port 7510. When handling the Source Node or Destination Node name POST variables the process blindly copies user supplied data into a fixed-length buffer on the stack. • http://www.securityfocus.com/archive/1/515628 http://www.securityfocus.com/bid/45762 http://www.securitytracker.com/id?1024951 http://www.vupen.com/english/advisories/2011/0085 http://www.zerodayinitiative.com/advisories/ZDI-11-005 https://exchange.xforce.ibmcloud.com/vulnerabilities/64653 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 85%CPEs: 2EXPL: 0

Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long schd_select1 parameter. Desbordamiento de búfer en nnmRptConfig.exe en HP OpenView Network Node Manager (OV NNM) v7.51 y v7.53 permite a atacantes remotos ejecutar código arbitrario mediante un parámetro largo schd_select1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nnmRptConfig.exe module exposed by the webserver that listens by default on TCP port 80. A remote user can send an oversized schd_select1 parameter via a POST request to one of the CGI functions of NNM to trigger a buffer overflow in this module. • http://www.securityfocus.com/archive/1/515628 http://www.securityfocus.com/bid/45762 http://www.securitytracker.com/id?1024951 http://www.vupen.com/english/advisories/2011/0085 http://www.zerodayinitiative.com/advisories/ZDI-11-011 https://exchange.xforce.ibmcloud.com/vulnerabilities/64647 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 92%CPEs: 2EXPL: 0

Buffer overflow in the stringToSeconds function in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via large values of variables to jovgraph.exe. Desbordamiento de búfer en la función stringToSeconds en ovutil.dll en ovwebsnmpsrv.exe en HP OpenView Network Node Manager (OV NNM) v7.51 y v7.53 permite a atacantes remotos ejecutar código arbitrario mediante variables de gran tamaño en jovgraph.exe. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The exploit would require a crafted HTTP request to the target host. The specific flaw exists within the ovutil.dll module which is loaded by the ovwebsnmpsrv.exe process which in turn can be reached remotely through the jovgraph.exe CGI program. • http://www.securityfocus.com/archive/1/515628 http://www.securityfocus.com/bid/45762 http://www.securitytracker.com/id?1024951 http://www.vupen.com/english/advisories/2011/0085 http://www.zerodayinitiative.com/advisories/ZDI-11-004 https://exchange.xforce.ibmcloud.com/vulnerabilities/64654 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service via unknown vectors. Vulnerabilidad sin especificar en HP OpenView Network Node Manager (OV NNM) v7.51 y v7.53 permite a atacantes remotos provocar una denegación de servicio a través de vectores de ataque desconocidos. • http://marc.info/?l=bugtraq&m=128525454219838&w=2 •