CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4380
https://notcve.org/view.php?id=CVE-2016-4380
Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el AdminUI en HPE Operations Manager 9.21.x en versiones anteriores a 9.21.130 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/92698 http://www.securitytracker.com/id/1036716 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05249833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2016-4373
https://notcve.org/view.php?id=CVE-2016-4373
The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. El AdminUI en HPE Operations Manager (OM) en versiones anteriores a 9.21.130 en Linux, Unix y Solaris permite a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la librería Apache Commons Collections (ACC). • http://www.securityfocus.com/bid/92122 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05206507 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-1985
https://notcve.org/view.php?id=CVE-2016-1985
HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. HPE Operations Manager 8.x y 9.0 en Windows permite a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la librería Apache Commons Collections. • http://www.securityfocus.com/bid/82259 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953244 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 28%CPEs: 3EXPL: 1CVE-2010-1033 – HP Operations Manager 8.16 - 'srcvw4.dll' 'LoadFile()'/'SaveFile()' Remote Unicode Stack Overflow (PoC)
https://notcve.org/view.php?id=CVE-2010-1033
Multiple stack-based buffer overflows in a certain Tetradyne ActiveX control in HP Operations Manager 7.5, 8.10, and 8.16 might allow remote attackers to execute arbitrary code via a long string argument to the (1) LoadFile or (2) SaveFile method, related to srcvw32.dll and srcvw4.dll. Múltiples desbordamientos de búfer basado en pila en el control ActiveX Tetradyne en HP Operations Manager v7.5, v8.10 y anteriores, podría permitir a atacantes remotos ejecutar código de su elección a través de un argumento largo a los métodos (1) LoadFile o (2) SaveFile. Relacionado con srcvw32.dll y srcvw4.dll. • https://www.exploit-db.com/exploits/12302 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02078800 http://net-ninja.net/blog/media/blogs/b/exploits/hpoperationsmngr.html.txt http://secunia.com/advisories/39538 http://securitytracker.com/id?1023894 http://www.corelan.be:8800/advisories.php?id=CORELAN-10-027 http://www.corelan.be:8800/wp-content/forum-file-uploads/mr_me/hpoperationsmngr.html.txt http://www.securityfocus.com/bid/39578 http://www.vupen.com/eng • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2009-3099 – HP Operations Manager - Default Manager 8.1 Account Remote Security
https://notcve.org/view.php?id=CVE-2009-3099
Unspecified vulnerability in HP OpenView Operations Manager 8.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2007-3872. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no especificada en HP OpenView Operations Manager v8.1 en Windows Server 2003 SP2 permite a atacantes remotos tener un impacto no determinado, relativo a "Remote exploit," como se demostró por un módulo concreto en VulnDisco Pack Professional v8.11, es una vulnerabilidad distinta a CVE-2007-3872. NOTA: como en 20090903, de esto no se tiene información de la acción. • https://www.exploit-db.com/exploits/33210 http://intevydis.com/vd-list.shtml http://secunia.com/advisories/36541 •