HP : Security Vulnerabilities, CVEs, Published In December 2009
CVE-2009-4189
Public exploit
HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3099 and CVE-2009-3843.
Max CVSS
10.0
EPSS Score
0.43%
Published
2009-12-03
Updated
2009-12-04
CVE-2009-4188
Public exploit
HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3098.
Max CVSS
10.0
EPSS Score
3.12%
Published
2009-12-03
Updated
2009-12-04
CVE-2009-4179
Public exploit
Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action.
Max CVSS
10.0
EPSS Score
95.16%
Published
2009-12-10
Updated
2018-10-10
CVE-2009-4178
Public exploit
Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Topic parameter.
Max CVSS
10.0
EPSS Score
96.49%
Published
2009-12-10
Updated
2018-10-10
CVE-2009-3849
Public exploit
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe.
Max CVSS
10.0
EPSS Score
96.67%
Published
2009-12-10
Updated
2018-10-10
CVE-2009-3844
Public exploit
Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recovery Manager 5.50 and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MSG_PROTOCOL packet.
Max CVSS
10.0
EPSS Score
96.35%
Published
2009-12-08
Updated
2018-10-10
CVE-2007-2280
Public exploit
Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL command with long arguments, a different vulnerability than CVE-2009-3844.
Max CVSS
10.0
EPSS Score
96.07%
Published
2009-12-18
Updated
2009-12-23
7 vulnerabilities found