Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAnonymousZDI-10-137
HistoryJul 21, 2010 - 12:00 a.m.

Hewlett-Packard OpenView NNM webappmon.exe execvp_nc Remote Code Execution Vulnerability

2010-07-2100:00:00
Anonymous
www.zerodayinitiative.com
18

EPSS

0.961

Percentile

99.5%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ov.dll module which is loaded by the webappmon.exe CGI program. This DLL defines a function execvp_nc which unsafely concatenates a controllable command string into a statically allocated stack buffer. By supplying overly large values to variables passed through an HTTP request a strcat_new can be made to overflow this buffer. An attacker can leverage this to execute arbitrary code under the context of the user running the webserver.

Related

seebug 1
exploitdb 2
metasploit 1
packetstorm 2
prion 1
securityvulns 4
zdt 2
cve 1
nvd 1
checkpoint_advisories 2
exploitpack 1
cvelist 1
openvas 1
nessus 3
seebug
seebug
HP OpenView NNM - webappmon.exe execvp_nc Remote Code Execution
2014-07-01 00:00:00
exploitdb
exploitdb
HP Network Node Manager (NMM) - CGI 'webappmon.exe execvp' Remote Buffer Overflow (Metasploit)
2011-03-23 00:00:00
HP OpenView Network Node Manager (OV NNM) - 'webappmon.exe execvp_nc' Remote Code Execution
2010-09-06 00:00:00
metasploit
metasploit
HP OpenView Network Node Manager execvp_nc Buffer Overflow
2011-03-23 03:23:06
packetstorm
packetstorm
Month Of Abysssec Undisclosed Bugs - HP OpenView NNM
2010-09-08 00:00:00
HP NNM CGI webappmon.exe execvp Buffer Overflow
2011-03-23 00:00:00
prion
prion
Stack overflow
2010-07-28 12:48:00
securityvulns
securityvulns
[security bulletin] HPSBMA02557 SSRT100025 rev.1- HP OpenView Network Node Manager (OV NNM) Running on Windows, Remote Execution of Arbitrary Code
2010-07-22 00:00:00
VUPEN Security Research - HP OpenView Network Node Manager "nnmrptconfig.exe" Buffer Overflow (CVE-2010-2703)
2010-07-22 00:00:00
ZDI-10-137: Hewlett-Packard OpenView NNM webappmon.exe execvp_nc Remote Code Execution Vulnerability
2010-07-22 00:00:00
zdt
zdt
HP OpenView NNM webappmon.exe execvp_nc Remote Code Execution
2010-09-06 00:00:00
HP NNM CGI webappmon.exe execvp Buffer Overflow
2011-03-24 00:00:00
cve
cve
CVE-2010-2703
2010-07-28 12:48:53
nvd
nvd
CVE-2010-2703
2010-07-28 12:48:53
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against HP OpenView Network Node Manager webappmon.exe execvp_nc Buffer Overflow
2010-08-24 00:00:00
HP OpenView Network Node Manager netmon.exe Stack Buffer Overflow (CVE-2010-1551; CVE-2010-2703)
2010-07-22 00:00:00
exploitpack
exploitpack
HP OpenView Network Node Manager (OV NNM) - webappmon.exe execvp_nc Remote Code Execution
2010-09-06 00:00:00
cvelist
cvelist
CVE-2010-2703
2010-07-27 22:00:00
openvas
openvas
HP OpenView Network Node Manager 'execvp_nc()' Code Execution Vulnerability
2010-09-07 00:00:00
nessus
nessus
HP-UX PHSS_41606 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 28
2012-03-06 00:00:00
HP-UX PHSS_41607 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 28
2012-03-06 00:00:00
HP OpenView Network Node Manager Remote Execution of Arbitrary Code (HPSBMA02621 SSRT100352)
2011-01-21 00:00:00

EPSS

0.961

Percentile

99.5%

JSON
Related for ZDI-10-137
seebug1exploitdb2metasploit1packetstorm2prion1securityvulns4zdt2cve1nvd1checkpoint_advisories2exploitpack1cvelist1openvas1nessus3