Page 4 of 39 results (0.013 seconds)

CVSS: 10.0EPSS: 76%CPEs: 12EXPL: 0

Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Template parameter, related to the vsprintf function. Desbordamiento de búfer en nnmRptConfig.exe en HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, y v7.53 permite a atacantes remotos ejecutar código arbitrario a través del parámetro largo "Template", relacionado con la función vsprintf. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nnmRptConfig.exe CGI executable accessible via the IIS web server listening by default on TCP port 80. While parsing POST variables, the vulnerable process copies the contents of the Template parameter into a fixed length stack buffer using a vsprintf() call. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877 http://marc.info/?l=bugtraq&m=126046355120442&w=2 http://www.securityfocus.com/archive/1/508346/100/0/threaded http://www.securityfocus.com/bid/37261 http://www.securityfocus.com/bid/37296 http://zerodayinitiative.com/advisories/ZDI-09-096 https://exchange.xforce.ibmcloud.com/vulnerabilities/54653 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 2%CPEs: 12EXPL: 0

The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts. El servidor HTTP port-3443 en HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, y v7.53 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en el parámetro "hostname" a secuencias de comandos Perl sin especificar. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard's Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaws exist within Perl CGI executables distributed with Network Node Manager (NNM). Several of these applications fail to sanitize the hostname HTTP variable when requests are made to the NNM HTTP server which listens by default on TCP port 3443. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877 http://marc.info/?l=bugtraq&m=126046355120442&w=2 http://www.securityfocus.com/archive/1/508345/100/0/threaded http://www.securityfocus.com/bid/37261 http://www.securityfocus.com/bid/37300 http://zerodayinitiative.com/advisories/ZDI-09-094 https://exchange.xforce.ibmcloud.com/vulnerabilities/54651 •

CVSS: 10.0EPSS: 94%CPEs: 12EXPL: 1

Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe. Múltiples desbordamientos del búfer de la pila en HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, y v7.53 permite a atacantes remotos ejecutar código arbitrario a través de (1)el parámetro largo "Template" a nnmRptConfig.exe, relacionado con la función strcat; o (2) un parámetro "Oid" a snmp.exe. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nnmRptConfig.exe CGI executable accessible via the IIS web server listening by default on TCP port 80. While parsing POST variables this process copies the contents of the Template parameter into a fixed length stack buffer using a strcat call. • https://www.exploit-db.com/exploits/16780 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877 http://marc.info/?l=bugtraq&m=126046355120442&w=2 http://www.securityfocus.com/archive/1/508348/100/0/threaded http://www.securityfocus.com/archive/1/508349/100/0/threaded http://www.securityfocus.com/bid/37261 http://www.securityfocus.com/bid/37298 http://www.securityfocus.com/bid/37299 http://zerodayinitiative.com/advisories/ZDI-09-095 http://zerodayi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 15%CPEs: 3EXPL: 0

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad inespecífica en HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, y v7.53 permite a atacantes remotos ejecutar código de forma arbitraria a través de vectores desconocidos. • http://marc.info/?l=bugtraq&m=124146030732511&w=2 http://osvdb.org/54222 http://secunia.com/advisories/34942 http://www.securitytracker.com/id?1022163 http://www.vupen.com/english/advisories/2009/1250 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 73%CPEs: 3EXPL: 0

Integer overflow in ovalarmsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted command to TCP port 2954, which triggers a heap-based buffer overflow. El desbordamiento de enteros en el archivo ovalarmsrv.exe en OpenView Network Node Manager (OV NNM) de HP versiones 7.01, 7.51 y 7.53, permite a los atacantes remotos ejecutar código arbitrario por medio de un comando diseñado al puerto TCP 2954, conllevando a un desbordamiento de búfer en la región heap de la memoria. • http://osvdb.org/54107 http://secunia.com/secunia_research/2008-38 http://www.securityfocus.com/archive/1/503024 http://www.securityfocus.com/archive/1/503039/100/0/threaded http://www.securityfocus.com/bid/34738 http://www.vupen.com/english/advisories/2009/1187 • CWE-189: Numeric Errors •