CVE-2006-7240
https://notcve.org/view.php?id=CVE-2006-7240
gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. gnome-power-manager v2.14.0 no aplica adecuadamente los valores de 'lock_on_suspend lock_on_hibernate' y 'lock_on_hibernate' para bloquear la pantalla cuando el botón de suspender o hibernar se presiona, lo que podría hacer más fácil el acceso a un portátil desatendido a los atacantes físicamente cercanos a través de una acción de 'curriculum vitae'. Se trata de un problema relacionada con el CVE-2010-2532. • https://bugs.launchpad.net/ubuntu/+source/gnome-power-manager/+bug/42052 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2009-3999 – HP Power Manager - 'formExportDataLogs' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-3999
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter. Desbordamiento de pila basado en búfer en goform/formExportDataLogs en HP Power Manager en versiones anteriores a v4.2.10 permite a atacantes remotos ejecutar código arbitrario a través de un parámetro largo "fileName". • https://www.exploit-db.com/exploits/18015 http://marc.info/?l=bugtraq&m=126393370331959&w=2 http://secunia.com/advisories/37280 http://secunia.com/secunia_research/2009-47 http://securityreason.com/securityalert/8482 http://securitytracker.com/id?1023470 http://www.securityfocus.com/bid/37867 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-4000
https://notcve.org/view.php?id=CVE-2009-4000
Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter. Vulnerabilidad de salto de directorio en goform/formExportDataLogs en HP Power Manager en versiones anteriores a v4.2.10 permite a atacantes remotos sobrescribir ficheros de forma arbitraria, y ejecutar código arbitrario, a través de secuencia de salto de directorio en el parámetro "fileName". • http://marc.info/?l=bugtraq&m=126393370331959&w=2 http://secunia.com/advisories/37280 http://secunia.com/secunia_research/2009-48 http://securitytracker.com/id?1023470 http://www.securityfocus.com/bid/37873 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •