HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.
https://exchange.xforce.ibmcloud.com/vulnerabilities/21999
http://www.securityfocus.com/bid/14662
http://www.securityfocus.com/advisories/9150