Published: 13/05/2010 Updated: 10/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Subscribe to Openview Network Node Manager

Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote malicious users to execute arbitrary code via an invalid MaxAge parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hp openview network node manager 7.53
hp openview network node manager 7.51
hp openview network node manager 7.0.1

The getnnmdataexe CGI in HP OpenView NNM suffers from an invalid maxage remote code execution vulnerability ...

# Exploit Title: HP OpenView NNM getnnmdataexe CGI Invalid MaxAge Remote Code Execution # Date: 20100702 # Author: S2 Crew [Hungary] # Software Link: hpcom # Version: 753 # Tested on: Windows 2003 # CVE: CVE-2010-1553 # Code : #!/usr/bin/python import struct import socket import httplib import urllib # calcexe Windows Execute Command sc2 ...

## # $Id: hp_nnm_getnnmdata_maxagerb 12121 2011-03-24 00:49:33Z swtornio $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/ ...

CWE-119 http://zerodayinitiative.com/advisories/ZDI-10-084/http://marc.info/?l=bugtraq&m=127360750704351&w=2 http://securityreason.com/securityalert/8153 http://www.securityfocus.com/archive/1/511241/100/0/threaded https://nvd.nist.gov https://packetstormsecurity.com/files/91442/HP-OpenView-NNM-getnnmdata.exe-CGI-Invalid-MaxAge-Remote-Code-Execution.html https://www.exploit-db.com/exploits/14180/

CVE-2010-1553

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect