HP Power Manager code execution - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

HP Power Manager code execution
updated since 05.11.2009
Published: 21.01.2010
Source: BUGTRAQ
SecurityVulns ID: 10370
Type: remote
Level: 5/10
Description: Buffer overflow during authentication via web form. Buffer overflow in /goform/formExportDataLogs, directory traversal.

Affected: HP : HP Power Manager 4.2
CVE: CVE-2009-4000 (Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.)
CVE-2009-3999 (Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.)
CVE-2009-2685 (Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.)

Original document SECUNIA, Secunia Research: HP Power Manager "formExportDataLogs" Directory Traversal (21.01.2010)

SECUNIA, Secunia Research: HP Power Manager "formExportDataLogs" Buffer Overflow (20.01.2010)

HP, [security bulletin] HPSBMA02485 SSRT090252 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code (20.01.2010)

document HP, [security bulletin] HPSBMA02474 SSRT090107 rev.2 - HP Power Manager, Remote Execution of Arbitrary Code (20.01.2010)

ZDI, ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability (08.11.2009)

HP, [security bulletin] HPSBMA02474 SSRT090107 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code (05.11.2009)

Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server