HP » Network Node Manager : Security Vulnerabilities, CVEs,
CVE-2009-0920
Public exploit
Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long OvOSLocale cookie, a variant of CVE-2008-0067.
Max CVSS
7.5
EPSS Score
74.94%
Published
2009-03-25
Updated
2018-10-10
Unspecified vulnerability in HP Network Node Manager (NNM) 8.10, 8.11, 8.12, and 8.13 allows remote attackers to execute arbitrary commands via unknown vectors.
Max CVSS
10.0
EPSS Score
0.23%
Published
2010-02-11
Updated
2019-10-09
Multiple heap-based buffer overflows in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long OvAcceptLang cookie, which triggers the error in ov.dll and ovwww.dll, or (2) a long Accept-Language HTTP header, which triggers the error in ovwww.dll or libovwww.so.4.
Max CVSS
10.0
EPSS Score
5.63%
Published
2009-03-25
Updated
2018-10-10
HP Network Node Manager (NNM) Remote Console 7.50, 7.51, and 7.53 assigns Everyone Full Control permission for the %PROGRAMFILES%\HP OpenView directory tree, which allows local users to gain privileges via a Trojan horse executable file or ActiveX component, or a modified bin\ovtrcsvc.exe for the HP Open View Shared Trace Service.
Max CVSS
7.2
EPSS Score
0.04%
Published
2007-02-08
Updated
2017-07-29
4 vulnerabilities found