CVE-2009-4176
https://notcve.org/view.php?id=CVE-2009-4176
Multiple heap-based buffer overflows in ovsessionmgr.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter to ovlogin.exe. Múltiples desbordamientos del búfer de la pila en ovsessionmgr.exe en HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, y v7.53 permite a atacantes remotos ejecutar codigo arbitrario a través del parámetro largo (1) "userid" o (2) "passwd" a ovlogin.exe. • http://dvlabs.tippingpoint.com/advisory/TPTI-09-09 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877 http://marc.info/?l=bugtraq&m=126046355120442&w=2 http://www.securityfocus.com/archive/1/508352/100/0/threaded http://www.securityfocus.com/bid/37261 http://www.securityfocus.com/bid/37330 https://exchange.xforce.ibmcloud.com/vulnerabilities/54660 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-3846
https://notcve.org/view.php?id=CVE-2009-3846
Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter. Múltiples desbordamientos de búfer en ovlogin.exe in HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, y v7.53 permite a atacantes remotos ejecutar código arbitrario a través de una parámetro largo (1) "userid" o (2) "passwd". • http://dvlabs.tippingpoint.com/advisory/TPTI-09-08 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877 http://marc.info/?l=bugtraq&m=126046355120442&w=2 http://www.securityfocus.com/archive/1/508350/100/0/threaded http://www.securityfocus.com/bid/37261 http://www.securityfocus.com/bid/37295 https://exchange.xforce.ibmcloud.com/vulnerabilities/54658 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-3848 – Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable vsprintf Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3848
Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Template parameter, related to the vsprintf function. Desbordamiento de búfer en nnmRptConfig.exe en HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, y v7.53 permite a atacantes remotos ejecutar código arbitrario a través del parámetro largo "Template", relacionado con la función vsprintf. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nnmRptConfig.exe CGI executable accessible via the IIS web server listening by default on TCP port 80. While parsing POST variables, the vulnerable process copies the contents of the Template parameter into a fixed length stack buffer using a vsprintf() call. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877 http://marc.info/?l=bugtraq&m=126046355120442&w=2 http://www.securityfocus.com/archive/1/508346/100/0/threaded http://www.securityfocus.com/bid/37261 http://www.securityfocus.com/bid/37296 http://zerodayinitiative.com/advisories/ZDI-09-096 https://exchange.xforce.ibmcloud.com/vulnerabilities/54653 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-3845 – Hewlett-Packard OpenView NNM Multiple Command Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-3845
The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts. El servidor HTTP port-3443 en HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, y v7.53 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en el parámetro "hostname" a secuencias de comandos Perl sin especificar. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard's Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaws exist within Perl CGI executables distributed with Network Node Manager (NNM). Several of these applications fail to sanitize the hostname HTTP variable when requests are made to the NNM HTTP server which listens by default on TCP port 3443. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877 http://marc.info/?l=bugtraq&m=126046355120442&w=2 http://www.securityfocus.com/archive/1/508345/100/0/threaded http://www.securityfocus.com/bid/37261 http://www.securityfocus.com/bid/37300 http://zerodayinitiative.com/advisories/ZDI-09-094 https://exchange.xforce.ibmcloud.com/vulnerabilities/54651 •
CVE-2009-3849 – Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable strcat Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3849
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe. Múltiples desbordamientos del búfer de la pila en HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, y v7.53 permite a atacantes remotos ejecutar código arbitrario a través de (1)el parámetro largo "Template" a nnmRptConfig.exe, relacionado con la función strcat; o (2) un parámetro "Oid" a snmp.exe. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nnmRptConfig.exe CGI executable accessible via the IIS web server listening by default on TCP port 80. While parsing POST variables this process copies the contents of the Template parameter into a fixed length stack buffer using a strcat call. • https://www.exploit-db.com/exploits/16780 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877 http://marc.info/?l=bugtraq&m=126046355120442&w=2 http://www.securityfocus.com/archive/1/508348/100/0/threaded http://www.securityfocus.com/archive/1/508349/100/0/threaded http://www.securityfocus.com/bid/37261 http://www.securityfocus.com/bid/37298 http://www.securityfocus.com/bid/37299 http://zerodayinitiative.com/advisories/ZDI-09-095 http://zerodayi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •