
CVE-2008-1842 – HP OpenView Network Node Manager 7.x - 'ovspmd' Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-1842
16 Apr 2008 — Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow. Error en la propiedad signedness de enteros en el archivo ovspmd.exe en HP OpenView Network Node Manager (OV NNM) versiones 8.01 y 7.53 y anteriores,... • https://www.exploit-db.com/exploits/31629 • CWE-189: Numeric Errors •

CVE-2008-1697 – HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'OVAS.exe' Overflow (SEH)
https://notcve.org/view.php?id=CVE-2008-1697
08 Apr 2008 — Stack-based buffer overflow in ovwparser.dll in HP OpenView Network Node Manager (OV NNM) 7.53, 7.51, and earlier allows remote attackers to execute arbitrary code via a long URI in an HTTP request processed by ovas.exe, as demonstrated by a certain topology/homeBaseView request. NOTE: some of these details are obtained from third party information. Un desbordamiento de búfer en la región stack de la memoria en la biblioteca ovwparser.dll en HP OpenView Network Node Manager (OV NNM) versiones 7.53, 7.51 y a... • https://www.exploit-db.com/exploits/5342 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2008-0212
https://notcve.org/view.php?id=CVE-2008-0212
06 Feb 2008 — ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to cause a denial of service (crash) via a crafted TCP request that triggers an out-of-bounds memory access. ovtopmd en HP OpenView Network Node Manager (OV NNM) versiones 6.41, 7.01 y 7.51, permite a los atacantes remotos causar una denegación de servicio (bloqueo) por medio de una petición TCP diseñada que desencadena un acceso de memoria fuera de límites. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=652 • CWE-399: Resource Management Errors •

CVE-2007-6343
https://notcve.org/view.php?id=CVE-2007-6343
13 Dec 2007 — Cross-site scripting (XSS) vulnerability in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, y 7.51 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01218087 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2007-6204 – Hewlett-Packard OpenView Network Node Manager Multiple CGI Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6204
06 Dec 2007 — Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe. Múltiples desbordamientos de búfer en la región stack de la memoria en HP OpenView Network Node Manager (OV NNM) versiones 6.41, 7.01 y 7.51, permiten a los atacantes remotos ejecutar ... • https://www.exploit-db.com/exploits/16805 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2007-1727
https://notcve.org/view.php?id=CVE-2007-1727
28 Mar 2007 — Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50, and 7.51 allows remote authenticated users to access certain privileged "facilities" via unspecified vectors. Vulnerabilidad sin especificar en el HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50 y 7.51 permite a usuarios remotos autenticados acceder a ciertos privilegios facilitados mediante vectores sin especificar. • http://secunia.com/advisories/24746 •

CVE-2007-0441
https://notcve.org/view.php?id=CVE-2007-0441
23 Jan 2007 — Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to execute arbitrary commands via unknown vectors. Vulnerabilidad no especificada en HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, y 7.50 permite a atacantes remotos ejecutar comandos de su elección mediante vectores no especificados. • http://osvdb.org/32728 •

CVE-2007-0206
https://notcve.org/view.php?id=CVE-2007-0206
12 Jan 2007 — Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to read arbitrary files via unknown vectors. Vulnerabilidad no especificada en HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, y 7.50 permite a atacantes remotos leer ficheros de su elección mediante vectores desconocidos. • http://osvdb.org/32729 •

CVE-2006-2580
https://notcve.org/view.php?id=CVE-2006-2580
24 May 2006 — Multiple unspecified vulnerabilities in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allow remote attackers to gain privileged access, execute arbitrary commands, or create arbitrary files via unknown vectors. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00672314 •

CVE-2005-2773 – HP OpenView Network Node Manager Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2005-2773
02 Sep 2005 — HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl. HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system. • https://www.exploit-db.com/exploits/16887 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •