CVE-2014-2648
https://notcve.org/view.php?id=CVE-2014-2648
Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en HP Operations Manager 9.10 y 9.11 en UNIX permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472866 •
CVE-2014-2649
https://notcve.org/view.php?id=CVE-2014-2649
Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en HP Operations Manager 9.20 en UNIX permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472866 •
CVE-2014-5073 – VMTurbo Operations Manager 4.6 - 'vmtadmin.cgi' Remote Command Execution
https://notcve.org/view.php?id=CVE-2014-5073
vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call. vmtadmin.cgi en VMTurbo Operations Manager anterior a 4.6 build 28657 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en el parámetro fileDate en una llamada DOWN. • https://www.exploit-db.com/exploits/34335 http://disse.cting.org/2014/07/30/vmturbo-operation-manager-remote-command-execution http://packetstormsecurity.com/files/127864/VMTurbo-Operations-Manager-4.6-vmtadmin.cgi-Remote-Command-Execution.html http://secunia.com/advisories/58880 http://secunia.com/secunia_research/2014-8 http://www.exploit-db.com/exploits/34335 http://www.osvdb.org/109572 http://www.securityfocus.com/bid/69225 https://exchange.xforce.ibmcloud.com/vulnerabilities/95319 http •
CVE-2014-3806 – VM Turbo Operations Manager 4.5x - Directory Traversal
https://notcve.org/view.php?id=CVE-2014-3806
Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter. Vulnerabilidad de salto de directorio en cgi-bin/help/doIt.cgi en VMTurbo Operations Manager anterior a 4.6 permite a atacantes remotos leer archivos arbitrarios a través de un .. (punto punto) en el parámetro xml_path. • https://www.exploit-db.com/exploits/33334 http://osvdb.org/show/osvdb/106776 http://packetstormsecurity.com/files/126550/VM-Turbo-Operations-Manager-4.5.x-Directory-Traversal.html http://www.exploit-db.com/exploits/33334 http://www.securityfocus.com/archive/1/532061/100/0/threaded http://www.securityfocus.com/bid/67292 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2010-1033 – HP Operations Manager 8.16 - 'srcvw4.dll' 'LoadFile()'/'SaveFile()' Remote Unicode Stack Overflow (PoC)
https://notcve.org/view.php?id=CVE-2010-1033
Multiple stack-based buffer overflows in a certain Tetradyne ActiveX control in HP Operations Manager 7.5, 8.10, and 8.16 might allow remote attackers to execute arbitrary code via a long string argument to the (1) LoadFile or (2) SaveFile method, related to srcvw32.dll and srcvw4.dll. Múltiples desbordamientos de búfer basado en pila en el control ActiveX Tetradyne en HP Operations Manager v7.5, v8.10 y anteriores, podría permitir a atacantes remotos ejecutar código de su elección a través de un argumento largo a los métodos (1) LoadFile o (2) SaveFile. Relacionado con srcvw32.dll y srcvw4.dll. • https://www.exploit-db.com/exploits/12302 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02078800 http://net-ninja.net/blog/media/blogs/b/exploits/hpoperationsmngr.html.txt http://secunia.com/advisories/39538 http://securitytracker.com/id?1023894 http://www.corelan.be:8800/advisories.php?id=CORELAN-10-027 http://www.corelan.be:8800/wp-content/forum-file-uploads/mr_me/hpoperationsmngr.html.txt http://www.securityfocus.com/bid/39578 http://www.vupen.com/eng • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •