Информационная безопасность
[RU] switch to English


Выполнение кода в HP OpenView Network Node Manager
Опубликовано:13 января 2011 г.
Источник:
SecurityVulns ID:11350
Тип:удаленная
Уровень опасности:
6/10
Описание:Проблема нефильтруемых шел-символов в CGI-скриптах позволяет выполнение кода.
Затронутые продукты:HP : OpenView Network Node Manager 7.51
 HP : OpenView Network Node Manager 7.53
CVE:CVE-2011-0271 (The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to a "command injection vulnerability.")
 CVE-2011-0270 (Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in input data that involves an invalid template name.)
 CVE-2011-0269 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long schd_select1 parameter.)
 CVE-2011-0268 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long text1 parameter.)
 CVE-2011-0267 (Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0266.)
 CVE-2011-0266 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long nameParams parameter, a different vulnerability than CVE-2011-0267.2.)
 CVE-2011-0265 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long data_select1 parameter.)
 CVE-2011-0264 (Stack-based buffer overflow in ovutil.dll in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long COOKIE variable.)
 CVE-2011-0263 (Multiple stack-based buffer overflows in ovas.exe in the OVAS service in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) Source Node or (2) Destination Node variable.)
 CVE-2011-0262 (Buffer overflow in the stringToSeconds function in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via large values of variables to jovgraph.exe.)
 CVE-2011-0261 (Unspecified vulnerability in jovgraph.exe in jovgraph in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a malformed displayWidth option in the arg parameter.)
Оригинальный текстdocumentHP, [security bulletin] HPSBMA02621 SSRT100352 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code (13.01.2011)
 documentIDEFENSE, iDefense Security Advisory 01.10.11: HP Network Node Manager Command Injection Vulnerability (13.01.2011)

DoS против PHP
Опубликовано:13 января 2011 г.
Источник:
SecurityVulns ID:11349
Тип:библиотека
Уровень опасности:
5/10
Описание:Вечный цикл в функции zend_strtod
Оригинальный текстdocumentUBUNTU, [USN-1042-1] PHP vulnerabilities (13.01.2011)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород