CVE-2010-1960 – Hewlett-Packard OpenView NNM ovwebsnmpsrv.exe Bad Option Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1960
Buffer overflow in the error handling functionality in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long, invalid option to jovgraph.exe. Desbordamiento de búffer en la funcionalidad de manejo de errores en ovwebsnmpsrv.exe en HP OpenView Network Node Manager (OV NNM) v7.51 y v7.53 permite a atacantes remotos ejecutar código de su elección a través de una opción inválidad y larga en jovgraph.exe. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovwebsnmpsrv.exe process which can be reached remotely through the jovgraph.exe CGI program. When the ovwebsnmpsrv.exe process is started a function responsible for parsing command line arguments does not properly handle unrecognized options. • https://www.exploit-db.com/exploits/17043 http://marc.info/?l=bugtraq&m=127602909915281&w=2 http://secunia.com/advisories/40101 http://www.securityfocus.com/archive/1/511734/100/0/threaded http://www.securityfocus.com/bid/40637 http://www.securitytracker.com/id?1024071 http://www.zerodayinitiative.com/advisories/ZDI-10-105 https://exchange.xforce.ibmcloud.com/vulnerabilities/59249 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-1961 – Hewlett-Packard OpenView NNM ovutil.dll getProxiedStorageAddress Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1961
Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified variables to jovgraph.exe, which are not properly handled in a call to the sprintf function. Desbordamiento de búffer en ovutil.dll de ovwebsnmpsrv.exe de HP OpenView Network Node Manager (OV NNM) v7.51 y v7.53 permite a los atacantes remotos ejecutar código a su elección a través de variables no especificadas a jovgraph.exe, que no son manejadas adecuadamente en una llamada a la función "sprintf". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovutil.dll module which is loaded by the ovwebsnmpsrv.exe process which in turn can be reached remotely through the jovgraph.exe CGI program. By supplying overly large values to variables passed through an HTTP request a sprintf can be made to overflow a static buffer. • https://www.exploit-db.com/exploits/17044 http://marc.info/?l=bugtraq&m=127602909915281&w=2 http://secunia.com/advisories/40101 http://www.securityfocus.com/archive/1/511731/100/0/threaded http://www.securityfocus.com/bid/40638 http://www.securitytracker.com/id?1024071 http://www.zerodayinitiative.com/advisories/ZDI-10-106 https://exchange.xforce.ibmcloud.com/vulnerabilities/59250 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-1550 – HP OpenView NNM ovet_demandpoll sel CGI Variable Format String Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1550
Format string vulnerability in ovet_demandpoll.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in the sel parameter. Vulnerabilidad de formato de cadena en ovet_demandpoll.exe en HP OpenView Network Node Manager (OV NNM) 7.01, 7.51 y 7.53 permite a atacantes remotos ejecutar código de su elección a través de especificadores de formato de cadenas en el parámetros "sel". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovet_demandpoll.exe process. This process can be started by invoking the webappmon.exe CGI application through the webserver. • http://marc.info/?l=bugtraq&m=127360750704351&w=2 http://www.securityfocus.com/archive/1/511245/100/0/threaded http://zerodayinitiative.com/advisories/ZDI-10-081 • CWE-134: Use of Externally-Controlled Format String •
CVE-2010-1551 – HP OpenView NNM netmon sel CGI Variable Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1551
Stack-based buffer overflow in the _OVParseLLA function in ov.dll in netmon.exe in Network Monitor in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the sel parameter. Desbordamiento de búfer basado en pila en la función _OVParseLLA en ov.dll en netmon.exe en Network Monitor en HP OpenView Network Node Manager (OV NNM) 7.01, 7.51 y 7.53 permite a atacantes remotos ejecutar código de su elección a través del parámetro "sel". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Network Monitor (netmon.exe) daemon. This process can be started by invoking the webappmon.exe CGI application through the webserver. • http://marc.info/?l=bugtraq&m=127360750704351&w=2 http://www.securityfocus.com/archive/1/511247/100/0/threaded http://www.securityfocus.com/bid/40067 http://zerodayinitiative.com/advisories/ZDI-10-082 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-1552 – HP OpenView NNM snmpviewer.exe CGI Multiple Variable Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1552
Stack-based buffer overflow in the doLoad function in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the act and app parameters. Desbordamiento de búfer basado en pila en la función doLoad en snmpviewer.exe en HP OpenView Network Node Manager (OV NNM) 7.01, 7.51 y 7.53 permite a atacantes remotos ejecutar código de su elección a través de los parámetros "act" y "app". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the snmpviewer.exe CGI. The doLoad function in this process calls sprintf() with a %s format specifier and unsanitized user input retrieved from two separate POST variables (act and app). • https://www.exploit-db.com/exploits/17039 http://marc.info/?l=bugtraq&m=127360750704351&w=2 http://securityreason.com/securityalert/8157 http://www.securityfocus.com/archive/1/511248/100/0/threaded http://zerodayinitiative.com/advisories/ZDI-10-083 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •