9 matches found
CVE-2009-3843
CVE-2009-3843 : The HP Operations Manager 8.10 on Windows is reported to contain a hidden Tomcat user account in an XML file. This enables a remote attacker to perform an unrestricted file upload via /manager/html/upload and execute arbitrary code. Connected sources reference Tomcat manager uploa...
CVE-2014-2648
CVE-2014-2648 affects HP Operations Manager for UNIX versions 9.10 and 9.11, with a remote code execution vulnerability reported by HP/HP Security Bulletin HPSBMU03127. The exact attack vectors are not detailed in the provided documents, but the vulnerability allows an unauthenticated remote atta...
CVE-2009-4189
CVE-2009-4189 : HP Operations Manager uses a default OvWebusr password for the ovwebusr account, enabling a remote attacker to trigger arbitrary code execution via the Tomcat manager servlet’s session with the manager role. Note that this CVE may overlap with CVE-2009-3099 and CVE-2009-3843. Expl...
CVE-2009-3099
Technical details for CVE-2009-3099 are not publicly available in the provided documents; no affected products, vectors, or fixes are disclosed. Monitor for updates.
CVE-2014-2649
HP Operations Manager for UNIX (HP-UX) versions 9.10, 9.11 and 9.20 are identified as affected by CVE-2014-2649, a remote code execution vulnerability. The vulnerability is described as unspecified in vectors, enabling an unauthenticated attacker to execute arbitrary code on a remote host. HP’s s...
CVE-2010-1033
CVE-2010-1033 affects HP Operations Manager for Windows (versions 7.5, 8.10, 8.16) via a vulnerability in the SourceView ActiveX controls (srcvw32.dll and srcvw4.dll). The issue is described as multiple stack-based buffer overflows triggered by long strings passed to LoadFile or SaveFile, enablin...
CVE-2016-1985
CVE-2016-1985 affects HPE Operations Manager 8.x and 9.0 on Windows. The vulnerability is due to unsafe deserialization of crafted Java objects via Apache Commons Collections, enabling remote code execution when processing a crafted serialized payload (e.g., via SOAP). The CVSS metrics in the pro...
CVE-2016-4373
The CVE-2016-4373 entry concerns the AdminUI of HP Operations Manager (OM) before 9.21.130 on Linux/Unix/Solaris. It allows remote attackers to execute arbitrary commands by sending a crafted serialized Java object related to the Apache Commons Collections (ACC) library, i.e., remote code executi...
CVE-2016-4380
CVE-2016-4380 affects HPE Operations Manager (AdminUI) 9.21.x prior to 9.21.130. Description: Cross-site scripting (XSS) vulnerability in the AdminUI that allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Root cause: inadequate input handling in the...