Computer Security
[EN] securityvulns.ru no-pyccku


HP OpenView Network Node Manage multiple security vulnerabilities
Published:12.05.2010
Source:
SecurityVulns ID:10827
Type:remote
Threat Level:
5/10
Description:Vulnerabilities in multiple CGI applications.
Affected:HP : OpenView Network Node Manager 7.53
CVE:CVE-2010-1555 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid Hostname parameter.)
 CVE-2010-1554 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.)
 CVE-2010-1553 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid MaxAge parameter.)
 CVE-2010-1552 (Stack-based buffer overflow in the doLoad function in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the act and app parameters.)
 CVE-2010-1551 (Stack-based buffer overflow in the _OVParseLLA function in ov.dll in netmon.exe in Network Monitor in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the sel parameter.)
 CVE-2010-1550 (Format string vulnerability in ovet_demandpoll.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in the sel parameter.)
Original documentdocumentZDI, ZDI-10-086: HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution Vulnerability (12.05.2010)
 documentZDI, ZDI-10-085: HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Vulnerability (12.05.2010)
 documentZDI, ZDI-10-084: HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution Vulnerability (12.05.2010)
 documentZDI, ZDI-10-083: HP OpenView NNM snmpviewer.exe CGI Multiple Variable Remote Code Execution Vulnerability (12.05.2010)
 documentZDI, ZDI-10-081: HP OpenView NNM ovet_demandpoll sel CGI Variable Format String Remote Code Execution Vulnerability (12.05.2010)
 documentZDI, ZDI-10-082: HP OpenView NNM netmon sel CGI Variable Remote Code Execution Vulnerability (12.05.2010)
 documentHP, [security bulletin] HPSBMA02527 SSRT010098 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code (12.05.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod