CVE-2016-4380
https://notcve.org/view.php?id=CVE-2016-4380
Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el AdminUI en HPE Operations Manager 9.21.x en versiones anteriores a 9.21.130 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/92698 http://www.securitytracker.com/id/1036716 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05249833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-4373
https://notcve.org/view.php?id=CVE-2016-4373
The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. El AdminUI en HPE Operations Manager (OM) en versiones anteriores a 9.21.130 en Linux, Unix y Solaris permite a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la librería Apache Commons Collections (ACC). • http://www.securityfocus.com/bid/92122 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05206507 • CWE-284: Improper Access Control •
CVE-2016-1985
https://notcve.org/view.php?id=CVE-2016-1985
HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. HPE Operations Manager 8.x y 9.0 en Windows permite a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la librería Apache Commons Collections. • http://www.securityfocus.com/bid/82259 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953244 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2010-1033 – HP Operations Manager 8.16 - 'srcvw4.dll' 'LoadFile()'/'SaveFile()' Remote Unicode Stack Overflow (PoC)
https://notcve.org/view.php?id=CVE-2010-1033
Multiple stack-based buffer overflows in a certain Tetradyne ActiveX control in HP Operations Manager 7.5, 8.10, and 8.16 might allow remote attackers to execute arbitrary code via a long string argument to the (1) LoadFile or (2) SaveFile method, related to srcvw32.dll and srcvw4.dll. Múltiples desbordamientos de búfer basado en pila en el control ActiveX Tetradyne en HP Operations Manager v7.5, v8.10 y anteriores, podría permitir a atacantes remotos ejecutar código de su elección a través de un argumento largo a los métodos (1) LoadFile o (2) SaveFile. Relacionado con srcvw32.dll y srcvw4.dll. • https://www.exploit-db.com/exploits/12302 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02078800 http://net-ninja.net/blog/media/blogs/b/exploits/hpoperationsmngr.html.txt http://secunia.com/advisories/39538 http://securitytracker.com/id?1023894 http://www.corelan.be:8800/advisories.php?id=CORELAN-10-027 http://www.corelan.be:8800/wp-content/forum-file-uploads/mr_me/hpoperationsmngr.html.txt http://www.securityfocus.com/bid/39578 http://www.vupen.com/eng • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •