• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

HP OpenView Network Node Manager Multiple Remote Command Execution Vulnerabilities

HP OpenView Network Node Manager is prone to multiple remote arbitrary command-execution vulnerabilities.

These issue arise when the user-specified 'node' URI parameter of various scripts is used as part of a command to be executed with the 'system()' function.

These issues may facilitate unauthorized remote access in the context of the webserver to the affected computer.

These issues affect version 6.41 and 7.5 on the Solaris platform. Unknown versions of the package on Microsoft Windows platforms are also affected. Other versions and platforms are also likely affected.