Computer Security


HP Power Manager code execution
updated since 05.11.2009
Published: 21.01.2010
Source:
SecurityVulns ID: 10370
Type: remote
Threat Level: 5/10
Description: Buffer overflow during authentication via the web login form. Buffer overflow and directory traversal in /goform/formExportDataLogs.
Affected: HP: HP Power Manager 4.2
CVE: CVE-2009-4000 (Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.)
 CVE-2009-3999 (Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.)
 CVE-2009-2685 (Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.)
Original documents: SECUNIA, Secunia Research: HP Power Manager "formExportDataLogs" Directory Traversal (21.01.2010)
 SECUNIA, Secunia Research: HP Power Manager "formExportDataLogs" Buffer Overflow (20.01.2010)
 HP, [security bulletin] HPSBMA02485 SSRT090252 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code (20.01.2010)
 HP, [security bulletin] HPSBMA02474 SSRT090107 rev.2 - HP Power Manager, Remote Execution of Arbitrary Code (20.01.2010)
 ZDI, ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability (08.11.2009)
 HP, [security bulletin] HPSBMA02474 SSRT090107 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code (05.11.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod