CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4380 – HP Security Bulletin HPSBGN03637 1
https://notcve.org/view.php?id=CVE-2016-4380
31 Aug 2016 — Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el AdminUI en HPE Operations Manager 9.21.x en versiones anteriores a 9.21.130 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. A potential vulnerability has been identified in the AdminUI of the HP ... • http://www.securityfocus.com/bid/92698 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2016-4373 – HP Security Bulletin HPSBGN03630 1
https://notcve.org/view.php?id=CVE-2016-4373
26 Jul 2016 — The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. El AdminUI en HPE Operations Manager (OM) en versiones anteriores a 9.21.130 en Linux, Unix y Solaris permite a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la librería Apache Commons Collections (ACC). A v... • http://www.securityfocus.com/bid/92122 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 3%CPEs: 5EXPL: 0CVE-2016-1985 – HP Security Bulletin HPSBGN03542 1
https://notcve.org/view.php?id=CVE-2016-1985
29 Jan 2016 — HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. HPE Operations Manager 8.x y 9.0 en Windows permite a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la librería Apache Commons Collections. A vulnerability in Apache Commons Collections for handling Java object deserialization was addressed by HPE Operat... • http://www.securityfocus.com/bid/82259 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 27%CPEs: 3EXPL: 1CVE-2010-1033 – HP Operations Manager 8.16 - 'srcvw4.dll' 'LoadFile()'/'SaveFile()' Remote Unicode Stack Overflow (PoC)
https://notcve.org/view.php?id=CVE-2010-1033
21 Apr 2010 — Multiple stack-based buffer overflows in a certain Tetradyne ActiveX control in HP Operations Manager 7.5, 8.10, and 8.16 might allow remote attackers to execute arbitrary code via a long string argument to the (1) LoadFile or (2) SaveFile method, related to srcvw32.dll and srcvw4.dll. Múltiples desbordamientos de búfer basado en pila en el control ActiveX Tetradyne en HP Operations Manager v7.5, v8.10 y anteriores, podría permitir a atacantes remotos ejecutar código de su elección a través de un argumento ... • https://www.exploit-db.com/exploits/12302 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2009-3099 – HP Operations Manager - Default Manager 8.1 Account Remote Security
https://notcve.org/view.php?id=CVE-2009-3099
08 Sep 2009 — Unspecified vulnerability in HP OpenView Operations Manager 8.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2007-3872. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerabilidad... • https://www.exploit-db.com/exploits/33210 •