Published: 10/12/2009 Updated: 10/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote malicious users to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hp openview network node manager 7.51
hp openview network node manager 7.0.1
hp openview network node manager 7.53

## # $Id: hp_nnm_ovalarm_langrb 10998 2010-11-11 22:43:22Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' c ...

#!/usr/bin/python # HP NNP ovalarmexe CGI Remote Buffer Overflow - Pre Authentication # Tested on XP SP3 + IIS + NNM Release B0750 # Authors: muts & sinn3r (x90sinner {at} gmailc0m) # Reference: dvlabstippingpointcom/advisory/TPTI-09-12 # wwwoffensive-securitycom/0day/exploit-nnm-ovalarmpytxt # # ** Big thanks to dook ...

CWE-119 http://www.securityfocus.com/bid/37261 http://dvlabs.tippingpoint.com/advisory/TPTI-09-12 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877 http://marc.info/?l=bugtraq&m=126046355120442&w=2 http://www.securityfocus.com/bid/37347 https://exchange.xforce.ibmcloud.com/vulnerabilities/54657 http://www.securityfocus.com/archive/1/508355/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/16797/

CVE-2009-4179

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect