CVE-2011-0264 – Hewlett-Packard Network Node Manager OVutil.dll Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0264
Stack-based buffer overflow in ovutil.dll in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long COOKIE variable. Desbordamiento de búfer basado en pila en ovutil.dll en HP OpenView Network Node Manager (OV NNM) v7.51 y v7.53, permite a atacantes remotos ejecutar código de su elección a través de una variable COOKIE larga. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the ovutil.dll component which is loaded by the webserver listening by default on TCP port 80. When handling the COOKIE variable passed through a GET request, the process blindly copies user supplied data into a fixed-length buffer on the stack. • http://www.securityfocus.com/archive/1/515628 http://www.securityfocus.com/bid/45762 http://www.securitytracker.com/id?1024951 http://www.vupen.com/english/advisories/2011/0085 http://www.zerodayinitiative.com/advisories/ZDI-11-006 https://exchange.xforce.ibmcloud.com/vulnerabilities/64652 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0263 – HP OpenView Network Node Manager ovas.exe Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0263
Multiple stack-based buffer overflows in ovas.exe in the OVAS service in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) Source Node or (2) Destination Node variable. Múltiples desbordamientos de búfer basados en pila en ovas.exe en el servicio OVAS en HP OpenView Network Node Manager (OV NNM) v7.51 y v7.53 permite a atacantes remotos ejecutar código arbitrario mediante una variable (1) Source Node o (2) Destination Node. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the ovas.exe component which listens by default on TCP port 7510. When handling the Source Node or Destination Node name POST variables the process blindly copies user supplied data into a fixed-length buffer on the stack. • http://www.securityfocus.com/archive/1/515628 http://www.securityfocus.com/bid/45762 http://www.securitytracker.com/id?1024951 http://www.vupen.com/english/advisories/2011/0085 http://www.zerodayinitiative.com/advisories/ZDI-11-005 https://exchange.xforce.ibmcloud.com/vulnerabilities/64653 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0269 – Hewlett-Packard OpenView Network Node Manager nnmRptConfig.exe schd_select1 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0269
Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long schd_select1 parameter. Desbordamiento de búfer en nnmRptConfig.exe en HP OpenView Network Node Manager (OV NNM) v7.51 y v7.53 permite a atacantes remotos ejecutar código arbitrario mediante un parámetro largo schd_select1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nnmRptConfig.exe module exposed by the webserver that listens by default on TCP port 80. A remote user can send an oversized schd_select1 parameter via a POST request to one of the CGI functions of NNM to trigger a buffer overflow in this module. • http://www.securityfocus.com/archive/1/515628 http://www.securityfocus.com/bid/45762 http://www.securitytracker.com/id?1024951 http://www.vupen.com/english/advisories/2011/0085 http://www.zerodayinitiative.com/advisories/ZDI-11-011 https://exchange.xforce.ibmcloud.com/vulnerabilities/64647 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0262 – HP OpenView Network Node Manager ovutil.dll stringToSeconds Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0262
Buffer overflow in the stringToSeconds function in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via large values of variables to jovgraph.exe. Desbordamiento de búfer en la función stringToSeconds en ovutil.dll en ovwebsnmpsrv.exe en HP OpenView Network Node Manager (OV NNM) v7.51 y v7.53 permite a atacantes remotos ejecutar código arbitrario mediante variables de gran tamaño en jovgraph.exe. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The exploit would require a crafted HTTP request to the target host. The specific flaw exists within the ovutil.dll module which is loaded by the ovwebsnmpsrv.exe process which in turn can be reached remotely through the jovgraph.exe CGI program. • http://www.securityfocus.com/archive/1/515628 http://www.securityfocus.com/bid/45762 http://www.securitytracker.com/id?1024951 http://www.vupen.com/english/advisories/2011/0085 http://www.zerodayinitiative.com/advisories/ZDI-11-004 https://exchange.xforce.ibmcloud.com/vulnerabilities/64654 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-3285
https://notcve.org/view.php?id=CVE-2010-3285
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service via unknown vectors. Vulnerabilidad sin especificar en HP OpenView Network Node Manager (OV NNM) v7.51 y v7.53 permite a atacantes remotos provocar una denegación de servicio a través de vectores de ataque desconocidos. • http://marc.info/?l=bugtraq&m=128525454219838&w=2 •