Published: 13/05/2010 Updated: 11/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote malicious users to execute arbitrary code via an invalid iCount parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hp openview network node manager 7.51
hp openview network node manager 7.0.1
hp openview network node manager 7.53

The getnnmdataexe CGI in HP OpenView NNM suffers from an invalid icount remote code execution vulnerability ...

## # $Id: hp_nnm_getnnmdata_icountrb 12121 2011-03-24 00:49:33Z swtornio $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/ ...

# Exploit Title: HP OpenView NNM getnnmdataexe CGI Invalid ICount Remote Code Execution # Date: 20100702 # Author: S2 Crew [Hungary] # Software Link: hpcom # Version: 753 # Tested on: Windows 2003 # CVE: CVE-2010-1554 # Code : #!/usr/bin/python import struct import socket import httplib import urllib # calcexe Windows Execute Command sc2 ...

CWE-119 http://marc.info/?l=bugtraq&m=127360750704351&w=2 http://zerodayinitiative.com/advisories/ZDI-10-085/http://www.exploit-db.com/exploits/14181 http://securityreason.com/securityalert/8154 http://www.securityfocus.com/archive/1/511249/100/0/threaded https://nvd.nist.gov https://packetstormsecurity.com/files/91443/HP-OpenView-NNM-getnnmdata.exe-CGI-Invalid-ICount-Remote-Code-Execution.html https://www.exploit-db.com/exploits/17040/

CVE-2010-1554

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect