Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe.
Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 and 4.10 through 4.13.001 allows remote attackers to obtain unspecified access via unknown vectors.
Unspecified vulnerability in Easy Login in the Sender module in HP Remote Graphics Software (RGS) 4.0.0 through 5.2.4 allows remote attackers to execute arbitrary code via unknown vectors.
Unspecified vulnerability in the WebTier component in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to execute arbitrary code via unknown vectors.
Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent.
Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for Cisco Local Director on HP-UX 11.11i allows remote attackers to execute arbitrary code via a long string to TCP port 17781.
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2264.
Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1611.
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1659.
The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers' installations, which allows remote attackers to execute arbitrary code by leveraging these keys for a connection.
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service.
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. HPE has released a software update to resolve the vulnerability in the HPE Edgeline Infrastructure Manager.
A Remote Bypass of Security Restrictions vulnerability was identified in HPE XP Command View Advanced Edition Software Earlier than 8.5.3-00. The vulnerability impacts DevMgr Earlier than 8.5.3-00 (for Windows, Linux), RepMgr earlier than 8.5.3-00 (for Windows, Linux) and HDLM earlier than 8.5.3-00 (for Windows, Linux, Solaris, AIX).
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506 was found.
A Remote Bypass Security Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found.
An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 SAN Storage IN version GL220P008 and earlier was found.
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally is vulnerable to unauthenticated arbitrary file access. An unauthenticated user with network access to an Aruba mobility controller on TCP port 8080 or 8081 may be able to access arbitrary files stored on the mobility controller. Ports 8080 and 8081 are used for captive portal functionality and are listening, by default, on all IP interfaces of the mobility controller, including captive portal interfaces. The attacker could access files which could contain passwords, keys, and other sensitive information that could lead to full system compromise.
A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.
A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Service Manager (WSM) Software earlier than version WSM 7.3 (E0506). This issue was resolved in HPE IMC Wireless Services Manager Software IMC WSM 7.3 E0506P01 or subsequent version.
HPE has identified a remote privilege escalation vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.
A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.
A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely.
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found.
Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).
Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string.
Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout.
Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).
HP Remote Watch allows a remote user to gain root access.
Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe in the Cell Manager Database Service in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via a large value in the size parameter.
The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL command with long arguments, a different vulnerability than CVE-2009-3844.
Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie.
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.1x and 9.20 allows remote attackers to execute arbitrary code via unknown vectors.
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1463.
A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.
An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1462.
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.