CVSS: 10.0EPSS: 58%CPEs: 2EXPL: 0CVE-2011-3165 – HP OpenView NNM nnmRptConfig.exe nameParams Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3165
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1208. Una vulnerabilidad no especificada en HP OpenView Network Node Manager (OV NNM) v7.51 y v7.53 permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos, también conocido como ZDI-CAN-1208. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within nnmRotConfig.exe CGI program. When processing crafted nameParams parameters, there exists an insufficient boundary check that can lead to a insufficient heap buffer, enabling a heap overflow. • http://marc.info/?l=bugtraq&m=132017799623289&w=2 http://securityreason.com/securityalert/8484 http://www.securitytracker.com/id?1026260 •
CVSS: 10.0EPSS: 58%CPEs: 2EXPL: 0CVE-2011-3166 – HP OpenView NNM webappmon.exe parameter Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3166
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1209. Vulnerabilidad no especificada en HP OpenView Network Node Manager (OV NNM) v7.51 y v7.53 permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos. También conocido como ZDI-CAN-1209. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within webappmon.exe CGI program. • http://marc.info/?l=bugtraq&m=132017799623289&w=2 http://securityreason.com/securityalert/8484 http://www.securitytracker.com/id?1026260 •
CVSS: 10.0EPSS: 95%CPEs: 2EXPL: 1CVE-2011-3167 – HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3167
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210. Vunerabilidad sin especificr en HP OpenView Network Node Manager (OV NNM) 7.51 y 7.53 permite a atacantes remotos ejeuctar código arbitrario a través de vectores desconocidos, también conocido como ZDI-CAN-1210. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within ov.dll. When processing a user supplied file name for the textFile option, there exists an insufficient boundary check before supplying the value to a format string within _OVBuildPath, causing a stack overflow. • https://www.exploit-db.com/exploits/18388 http://marc.info/?l=bugtraq&m=132017799623289&w=2 http://securityreason.com/securityalert/8484 http://www.securitytracker.com/id?1026260 •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2011-0271
https://notcve.org/view.php?id=CVE-2011-0271
The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to a "command injection vulnerability." Los scripts CGI en HP OpenView Network Node Manager (OV NNM) v7.51 y v7.53 no validan correctamente un parámetro no especificado, el cual permite a atacantes remotos ejecutar código arbitrario mediante un comando string para el valor de este parámetro, relacionado con "vulnerabilidad de inyección de comando" • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=887 http://www.securityfocus.com/archive/1/515628 http://www.securityfocus.com/bid/45762 http://www.securitytracker.com/id?1024951 http://www.vupen.com/english/advisories/2011/0085 https://exchange.xforce.ibmcloud.com/vulnerabilities/64657 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 92%CPEs: 2EXPL: 0CVE-2011-0261 – HP OpenView Network Node Manager jovgraph.exe displayWidth Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0261
Unspecified vulnerability in jovgraph.exe in jovgraph in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a malformed displayWidth option in the arg parameter. Vulnerabilidad no especificada en jovgraph.exe en jovgraph en HP OpenView Network Node Manager (OV NNM) v7.51 y v7.53 permite a atacantes remotos ejecutar código arbitrario mediante una opción displayWidth mal-formada en el parámetro arg. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The exploit would require a crafted HTTP request to the target host. The specific flaw exists within jovgraph.exe, a Java-based grapher that extends the SNMP Data Presenter to include xnmgraph-like applications created by the application builder. • http://www.securityfocus.com/archive/1/515628 http://www.securityfocus.com/bid/45762 http://www.securitytracker.com/id?1024951 http://www.vupen.com/english/advisories/2011/0085 http://www.zerodayinitiative.com/advisories/ZDI-11-003 https://exchange.xforce.ibmcloud.com/vulnerabilities/64655 •