HP OpenView Network Node Manager Multiple RCE Vulnerabilities

HP OpenView Network Node Manager NNM is prone to multiple remote code-execution vulnerabilities because it fails to sanitize user-supplied data. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...

HP OpenView NNM nnmRptConfig.exe nameParams Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within nnmRotConfig.exe CGI program. When processing crafted nameParams...

[security bulletin] HPSBMU02712 SSRT100649 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03054052 Version: 1 HPSBMU02712 SSRT100649 rev.1 - HP OpenView Network Node Manager OV NNM, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted up...

CVE-2011-3167

Unspecified vulnerability in HP OpenView Network Node Manager OV NNM 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210...

Code injection

Unspecified vulnerability in HP OpenView Network Node Manager OV NNM 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1209...

CVE-2011-3165

Unspecified vulnerability in HP OpenView Network Node Manager OV NNM 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1208...

Code injection

Unspecified vulnerability in HP OpenView Network Node Manager OV NNM 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210...

Design/Logic Flaw

Unspecified vulnerability in HP OpenView Network Node Manager OV NNM 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1208...

CVE-2011-3166

Unspecified vulnerability in HP OpenView Network Node Manager OV NNM 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1209...

CVE-2011-3166

Unspecified vulnerability in HP OpenView Network Node Manager OV NNM 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1209...

CVE-2011-3167

HP OpenView Network Node Manager (NNM) is affected by CVE-2011-3167, a remote code execution vulnerability in the ov.dll module. The issue is a stack-based overflow in the internal function _OVBuildPath when processing overly long input via the web CGI flow (long textFile argument to webappmon.ex...

CVE-2011-3167

Unspecified vulnerability in HP OpenView Network Node Manager OV NNM 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210...

CVE-2011-3165

HP OpenView Network Node Manager (OV NNM) versions 7.51 and 7.53 are affected by multiple remote code execution vulnerabilities (CVE-2011-3165, CVE-2011-3166, CVE-2011-3167) due to insufficient input validation/boundary checks in components such as nnmRptConfig.exe CGI, ov.dll (format string hand...

CVE-2011-3165

Unspecified vulnerability in HP OpenView Network Node Manager OV NNM 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1208...

CVE-2011-3166

HP OpenView Network Node Manager (NNM) is affected by CVE-2011-3166 in the webappmon.exe CGI program, where an insufficient boundary check before a format string leads to a stack overflow and remote code execution. Exploitation is remote and unauthenticated via crafted HTTP requests. Vendor advis...

HP OpenView Storage Data Protector EXEC_CMD Buffer Overflow (CVE-2011-1866)

A remote code execution vulnerability has been reported in HP OpenView Storage Data Protector. The vulnerability is due to insufficient boundary checking while handling EXECCMD messages. A remote attacker may exploit this vulnerability by sending a specially crafted EXECCMD to an affected service...

Cross site scripting

Cross-site scripting XSS vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2011-2410

Cross-site scripting XSS vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2011-2410

CVE-2011-2410 is an XSS vulnerability in HP OpenView Performance Insight (versions 5.3, 5.31, 5.4, 5.41, 5.41.001, 5.41.002). The available documents consistently describe a cross-site scripting flaw that lets an attacker inject arbitrary web script or HTML via unspecified vectors. Connected sour...

CVE-2011-2410

Cross-site scripting XSS vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...