exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 1 of 1 RSS Feed

Files

HP OpenView Network Node Manager ovalarm.exe CGI Buffer Overflow
Posted Jan 22, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits a stack overflow in HP OpenView Network Node Manager 7.53. By sending a specially crafted CGI request to ovalarm.exe, an attacker can execute arbitrary code. This specific vulnerability is due to a call to "sprintf_new" in the "isWide" function within "ovalarm.exe". A stack buffer overflow occurs when processing an HTTP request that contains the following. 1. An "Accept-Language" header longer than 100 bytes 2. An "OVABverbose" URI variable set to "on", "true" or "1" The vulnerability is related to "_WebSession::GetWebLocale()" .. NOTE: This exploit has been tested successfully with a reverse_ord_tcp payload.

tags | exploit, web, overflow, arbitrary, cgi
advisories | CVE-2009-4179
SHA-256 | e54d42cfbc8bbc738ef568c5e491af71d30811bb7fa5db456ba682b823955033
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Dutch Police Read Messages Of Encrypted Messenger Exclu
Posted Feb 6, 2023

tags | headline, government, privacy, phone, spyware, netherlands
School Laptop Auction Devolves Into Extortion Allegation
Posted Feb 6, 2023

tags | headline, government, privacy, usa, data loss
Iran Crew Stole Charlie Hebdo Database, Says Microsoft
Posted Feb 6, 2023

tags | headline, hacker, privacy, microsoft, data loss, iran
No Evidence Global Ransomware Hack Was By State Entity, Italy Says
Posted Feb 6, 2023

tags | headline, hacker, malware, italy, cryptography
Former Ubiquiti Dev Pleads Guilty In Data Theft And Extortion Case
Posted Feb 3, 2023

tags | headline, cybercrime, data loss, fraud
Passion Botnet Cyberattacks Hit Healthcare
Posted Feb 3, 2023

tags | headline, malware, denial of service, botnet
HeadCrab Malware Compromised 1,200 Redis Servers
Posted Feb 3, 2023

tags | headline, hacker, malware, data loss, backdoor
Hate It When That Happens: China Says It's Checking If It Accidentally Sent A Spy Balloon To Montana
Posted Feb 3, 2023

tags | headline, government, usa, china, cyberwar, spyware, military
Ransomware Attack On Data Firm ION Could Take Days To Fix
Posted Feb 2, 2023

tags | headline, hacker, malware, cybercrime, data loss, fraud, cryptography
Enter The Hunter Satellites Preparing For Space War
Posted Feb 2, 2023

tags | headline, space, cyberwar, science
View More News →
packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close