All the vulnerabilites related to hp - openview_performance_agent
cve-2011-2608
Vulnerability from cvelistv5
Published
2011-07-01 10:00
Modified
2024-08-06 23:08
Severity ?
EPSS score ?
Summary
ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1025715 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/68269 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=131188898632504&w=2 | vendor-advisory, x_refsource_HP | |
| http://marc.info/?l=bugtraq&m=131188898632504&w=2 | vendor-advisory, x_refsource_HP | |
| http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/48481 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/45079 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1025715",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025715"
},
{
"name": "hp-operations-ovbbccb-file-deletion(68269)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68269"
},
{
"name": "HPSBMU02691",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131188898632504\u0026w=2"
},
{
"name": "SSRT100483",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131188898632504\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt"
},
{
"name": "48481",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48481"
},
{
"name": "45079",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45079"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1025715",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025715"
},
{
"name": "hp-operations-ovbbccb-file-deletion(68269)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68269"
},
{
"name": "HPSBMU02691",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131188898632504\u0026w=2"
},
{
"name": "SSRT100483",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131188898632504\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt"
},
{
"name": "48481",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48481"
},
{
"name": "45079",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45079"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1025715",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025715"
},
{
"name": "hp-operations-ovbbccb-file-deletion(68269)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68269"
},
{
"name": "HPSBMU02691",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=131188898632504\u0026w=2"
},
{
"name": "SSRT100483",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=131188898632504\u0026w=2"
},
{
"name": "http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt"
},
{
"name": "48481",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48481"
},
{
"name": "45079",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45079"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2608",
"datePublished": "2011-07-01T10:00:00",
"dateReserved": "2011-07-01T00:00:00",
"dateUpdated": "2024-08-06T23:08:23.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-4349
Vulnerability from cvelistv5
Published
2008-10-23 21:00
Modified
2024-08-07 14:53
Severity ?
EPSS score ?
Summary
The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via an unspecified series of RPC requests (aka Trace Event Messages) that triggers an out-of-bounds memory access, related to an erroneous object reference.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityreason.com/securityalert/4501 | third-party-advisory, x_refsource_SREASON | |
| http://marc.info/?l=bugtraq&m=122876677518654&w=2 | vendor-advisory, x_refsource_HP | |
| http://www.securitytracker.com/id?1021092 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46028 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/27054 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/secunia_research/2007-83/ | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/497648/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/31860 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2008/2888 | vdb-entry, x_refsource_VUPEN | |
| http://marc.info/?l=bugtraq&m=122876827120961&w=2 | vendor-advisory, x_refsource_HP | |
| http://marc.info/?l=bugtraq&m=122876827120961&w=2 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4501",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4501"
},
{
"name": "HPSBMA02391",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122876677518654\u0026w=2"
},
{
"name": "1021092",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021092"
},
{
"name": "ov-traceservice-rpc-dos(46028)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46028"
},
{
"name": "27054",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27054"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2007-83/"
},
{
"name": "20081022 Secunia Research: HP OpenView Products Shared Trace Service Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/497648/100/0/threaded"
},
{
"name": "31860",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31860"
},
{
"name": "ADV-2008-2888",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2888"
},
{
"name": "HPSBMA02390",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122876827120961\u0026w=2"
},
{
"name": "SSRT071481",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122876827120961\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via an unspecified series of RPC requests (aka Trace Event Messages) that triggers an out-of-bounds memory access, related to an erroneous object reference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "4501",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4501"
},
{
"name": "HPSBMA02391",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122876677518654\u0026w=2"
},
{
"name": "1021092",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021092"
},
{
"name": "ov-traceservice-rpc-dos(46028)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46028"
},
{
"name": "27054",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27054"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2007-83/"
},
{
"name": "20081022 Secunia Research: HP OpenView Products Shared Trace Service Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/497648/100/0/threaded"
},
{
"name": "31860",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31860"
},
{
"name": "ADV-2008-2888",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2888"
},
{
"name": "HPSBMA02390",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122876827120961\u0026w=2"
},
{
"name": "SSRT071481",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122876827120961\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2007-4349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via an unspecified series of RPC requests (aka Trace Event Messages) that triggers an out-of-bounds memory access, related to an erroneous object reference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4501",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4501"
},
{
"name": "HPSBMA02391",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122876677518654\u0026w=2"
},
{
"name": "1021092",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021092"
},
{
"name": "ov-traceservice-rpc-dos(46028)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46028"
},
{
"name": "27054",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27054"
},
{
"name": "http://secunia.com/secunia_research/2007-83/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2007-83/"
},
{
"name": "20081022 Secunia Research: HP OpenView Products Shared Trace Service Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497648/100/0/threaded"
},
{
"name": "31860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31860"
},
{
"name": "ADV-2008-2888",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2888"
},
{
"name": "HPSBMA02390",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122876827120961\u0026w=2"
},
{
"name": "SSRT071481",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122876827120961\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2007-4349",
"datePublished": "2008-10-23T21:00:00",
"dateReserved": "2007-08-14T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4420
Vulnerability from cvelistv5
Published
2009-04-13 16:00
Modified
2024-08-07 10:17
Severity ?
EPSS score ?
Summary
Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1022021",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022021"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://innermedia.com/upgrades.html"
},
{
"name": "20060725 [vuln.sg] DynaZip DZIP32.DLL/DZIPS32.DLL Buffer Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/441083"
},
{
"name": "19143",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19143"
},
{
"name": "HPSBMA02396",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01622011"
},
{
"name": "53478",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53478"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vuln.sg/dynazip5007-en.html"
},
{
"name": "20060725 [vuln.sg] TurboZIP ZIP Repair Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/441084"
},
{
"name": "21180",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21180"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vuln.sg/turbozip6-en.html"
},
{
"name": "ADV-2006-2957",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2957"
},
{
"name": "34659",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34659"
},
{
"name": "SSRT080175",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01622011"
},
{
"name": "ADV-2009-0980",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0980"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-16T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1022021",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022021"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://innermedia.com/upgrades.html"
},
{
"name": "20060725 [vuln.sg] DynaZip DZIP32.DLL/DZIPS32.DLL Buffer Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/441083"
},
{
"name": "19143",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19143"
},
{
"name": "HPSBMA02396",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01622011"
},
{
"name": "53478",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53478"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vuln.sg/dynazip5007-en.html"
},
{
"name": "20060725 [vuln.sg] TurboZIP ZIP Repair Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/441084"
},
{
"name": "21180",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21180"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vuln.sg/turbozip6-en.html"
},
{
"name": "ADV-2006-2957",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2957"
},
{
"name": "34659",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34659"
},
{
"name": "SSRT080175",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01622011"
},
{
"name": "ADV-2009-0980",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0980"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1022021",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022021"
},
{
"name": "http://innermedia.com/upgrades.html",
"refsource": "MISC",
"url": "http://innermedia.com/upgrades.html"
},
{
"name": "20060725 [vuln.sg] DynaZip DZIP32.DLL/DZIPS32.DLL Buffer Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441083"
},
{
"name": "19143",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19143"
},
{
"name": "HPSBMA02396",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01622011"
},
{
"name": "53478",
"refsource": "OSVDB",
"url": "http://osvdb.org/53478"
},
{
"name": "http://vuln.sg/dynazip5007-en.html",
"refsource": "MISC",
"url": "http://vuln.sg/dynazip5007-en.html"
},
{
"name": "20060725 [vuln.sg] TurboZIP ZIP Repair Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441084"
},
{
"name": "21180",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21180"
},
{
"name": "http://vuln.sg/turbozip6-en.html",
"refsource": "MISC",
"url": "http://vuln.sg/turbozip6-en.html"
},
{
"name": "ADV-2006-2957",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2957"
},
{
"name": "34659",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34659"
},
{
"name": "SSRT080175",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01622011"
},
{
"name": "ADV-2009-0980",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0980"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4420",
"datePublished": "2009-04-13T16:00:00",
"dateReserved": "2008-10-03T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2008-10-23 22:00
Modified
2024-11-21 00:35
Severity ?
Summary
The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via an unspecified series of RPC requests (aka Trace Event Messages) that triggers an out-of-bounds memory access, related to an erroneous object reference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | openview_performance_agent | c.04.60 | |
| hp | openview_performance_agent | c.04.61 | |
| hp | openview_reporter | 3.70 | |
| hp | performance_agent | 4.70 | |
| hp | reporter | 3.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:openview_performance_agent:c.04.60:*:*:*:*:*:*:*",
"matchCriteriaId": "9374AB08-64F6-4376-BF01-652E88A7E050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:openview_performance_agent:c.04.61:*:*:*:*:*:*:*",
"matchCriteriaId": "15053C63-0407-422A-9E7B-591E336D6121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:openview_reporter:3.70:*:*:*:*:*:*:*",
"matchCriteriaId": "380F0F94-E4D6-4630-AC10-C4D8922760A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:performance_agent:4.70:*:*:*:*:*:*:*",
"matchCriteriaId": "4B769539-D927-4086-9160-F162488F5337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:reporter:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCEDB40-6EC3-4F4F-A2E5-5B223AA58DDF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via an unspecified series of RPC requests (aka Trace Event Messages) that triggers an out-of-bounds memory access, related to an erroneous object reference."
},
{
"lang": "es",
"value": "El servicio Shared Trace (tambi\u00e9n se conoce como OVTrace) en HP Performance Agent versi\u00f3n C.04.70 (4.70), HP OpenView Performance Agent versiones C.04.60 y C.04.61, HP Reporter versi\u00f3n 3.8 y HP OpenView Reporter versi\u00f3n 3.7 (Informe 3.70), permite a los atacantes remotos causar una denegaci\u00f3n de servicio por medio de una serie no especificada de peticiones RPC (tambi\u00e9n se conoce como Mensajes de Eventos de Rastreo) que desencadena un acceso de memoria fuera de l\u00edmites, relacionado con una referencia de objeto err\u00f3nea."
}
],
"id": "CVE-2007-4349",
"lastModified": "2024-11-21T00:35:22.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-23T22:00:01.027",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://marc.info/?l=bugtraq\u0026m=122876677518654\u0026w=2"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://marc.info/?l=bugtraq\u0026m=122876827120961\u0026w=2"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://marc.info/?l=bugtraq\u0026m=122876827120961\u0026w=2"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27054"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2007-83/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://securityreason.com/securityalert/4501"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/archive/1/497648/100/0/threaded"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/31860"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1021092"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2888"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=122876677518654\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=122876827120961\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=122876827120961\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2007-83/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/497648/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/31860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46028"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-13 16:30
Modified
2024-11-21 00:51
Severity ?
Summary
Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows | * | |
| hp | openview_performance_agent | c.04.60 | |
| hp | openview_performance_agent | c.04.70 | |
| hp | openview_performance_agent | c.04.72 | |
| innermedia | dynazip_max | * | |
| innermedia | dynazip_max_secure | * | |
| filestream | turbozip | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:openview_performance_agent:c.04.60:*:*:*:*:*:*:*",
"matchCriteriaId": "9374AB08-64F6-4376-BF01-652E88A7E050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:openview_performance_agent:c.04.70:*:*:*:*:*:*:*",
"matchCriteriaId": "3C139A64-A700-404C-97B7-BD209330E1C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:openview_performance_agent:c.04.72:*:*:*:*:*:*:*",
"matchCriteriaId": "FBABDAE7-CE5A-40A3-967C-C7E69E43C981",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:innermedia:dynazip_max:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A66321F-E234-4F65-A365-0FA4C8B2CF28",
"versionEndIncluding": "5.0.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:innermedia:dynazip_max_secure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D400AB64-1D9B-4EB9-8834-89A44C0FABDD",
"versionEndIncluding": "6.0.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:filestream:turbozip:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "372BDE07-E17C-49D0-8707-740AD5B870A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila en DZIP32.DLL en versiones anteriores a v5.0.0.8 en DynaZip Max y DZIPS32.DLL en versiones anteriores a v6.0.0.5 e DynaZip Max Secure, cuando son usados en HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 y C.04.72, TurboZIP 6.0 y otros productos, permiten a atacantes con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s un nombre largo de fichero ZIP durante una acci\u00f3n de (1) \"Fix\" (reparar), (2) a\u00f1adir, (3) actualizar o (4) refrescar. Este asunto est\u00e1 relacionado con el CVE-2006-3985."
}
],
"id": "CVE-2008-4420",
"lastModified": "2024-11-21T00:51:38.453",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-13T16:30:00.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01622011"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01622011"
},
{
"source": "cve@mitre.org",
"url": "http://innermedia.com/upgrades.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/53478"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21180"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34659"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://vuln.sg/dynazip5007-en.html"
},
{
"source": "cve@mitre.org",
"url": "http://vuln.sg/turbozip6-en.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/441083"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/441084"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/19143"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022021"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2957"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01622011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01622011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://innermedia.com/upgrades.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://vuln.sg/dynazip5007-en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://vuln.sg/turbozip6-en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/441083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/441084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/19143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0980"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-07-01 10:55
Modified
2024-11-21 01:28
Severity ?
Summary
ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | openview_performance_agent | 4.70 | |
| hp | openview_performance_agent | 5.0 | |
| hp | operations_agent | 8.53 | |
| hp | operations_agent | 8.60.005 | |
| hp | operations_agent | 8.60.006 | |
| hp | operations_agent | 8.60.007 | |
| hp | operations_agent | 8.60.008 | |
| hp | operations_agent | 8.60.501 | |
| hp | operations_agent | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:openview_performance_agent:4.70:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFA79F3-E5AD-4C68-AF18-9C5EB7CC8B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:openview_performance_agent:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF11BCFE-6B7F-44EE-83B9-24DA4035D744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:operations_agent:8.53:*:*:*:*:*:*:*",
"matchCriteriaId": "5DCC7E2F-90D5-479F-939E-D4C49BB90A49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:operations_agent:8.60.005:*:*:*:*:*:*:*",
"matchCriteriaId": "3B21B789-BED5-4881-B76A-BC99402A23DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:operations_agent:8.60.006:*:*:*:*:*:*:*",
"matchCriteriaId": "936C02A6-426E-4156-99D1-F42F34B17FC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:operations_agent:8.60.007:*:*:*:*:*:*:*",
"matchCriteriaId": "5777744D-D541-4FC7-957B-2A03E9A19DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:operations_agent:8.60.008:*:*:*:*:*:*:*",
"matchCriteriaId": "8284C19E-D75F-4CF0-B39A-26449C9827A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:operations_agent:8.60.501:*:*:*:*:*:*:*",
"matchCriteriaId": "D6EDA541-9522-4E4A-8D7A-D7BDDD334890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:operations_agent:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D408D339-7FD3-4523-ABFD-0FA25465EF05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command."
},
{
"lang": "es",
"value": "ovbbccb.exe versi\u00f3n 6.20.50.0 y otras versiones en OpenView Performance Agent versiones 4.70 y 5.0; y el Operations Agent versiones 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501 y 8.53, de HP; permite a los atacantes remotos eliminar archivos arbitrarios por medio de un nombre de ruta completo en el campo File en un comando Register."
}
],
"id": "CVE-2011-2608",
"lastModified": "2024-11-21T01:28:34.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-07-01T10:55:02.113",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131188898632504\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131188898632504\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45079"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1025715"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/48481"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131188898632504\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131188898632504\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/48481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68269"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}