CVSS: 10.0EPSS: 93%CPEs: 3EXPL: 1CVE-2009-3999 – HP Power Manager - 'formExportDataLogs' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-3999
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter. Desbordamiento de pila basado en búfer en goform/formExportDataLogs en HP Power Manager en versiones anteriores a v4.2.10 permite a atacantes remotos ejecutar código arbitrario a través de un parámetro largo "fileName". • https://www.exploit-db.com/exploits/18015 http://marc.info/?l=bugtraq&m=126393370331959&w=2 http://secunia.com/advisories/37280 http://secunia.com/secunia_research/2009-47 http://securityreason.com/securityalert/8482 http://securitytracker.com/id?1023470 http://www.securityfocus.com/bid/37867 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 69%CPEs: 5EXPL: 0CVE-2009-4000
https://notcve.org/view.php?id=CVE-2009-4000
Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter. Vulnerabilidad de salto de directorio en goform/formExportDataLogs en HP Power Manager en versiones anteriores a v4.2.10 permite a atacantes remotos sobrescribir ficheros de forma arbitraria, y ejecutar código arbitrario, a través de secuencia de salto de directorio en el parámetro "fileName". • http://marc.info/?l=bugtraq&m=126393370331959&w=2 http://secunia.com/advisories/37280 http://secunia.com/secunia_research/2009-48 http://securitytracker.com/id?1023470 http://www.securityfocus.com/bid/37873 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 59%CPEs: 1EXPL: 2CVE-2009-2685 – Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-2685
Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable. Desbordamiento de búfer basado en pila en el formulario de login en el servidor de gestión web en HP Power Manager permite a atacantes remotos ejecutar código de su elección mediante la variable "Login". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Power Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of URL parameters when posting to the login form of the web based management web server. Proper bounds checking is not applied when parsing the Login variable which can result in an exploitable stack overflow. • https://www.exploit-db.com/exploits/16785 https://www.exploit-db.com/exploits/10099 http://marc.info/?l=bugtraq&m=125744000032141&w=2 http://secunia.com/advisories/37276 http://securitytracker.com/id?1023140 http://www.osvdb.org/59684 http://www.securityfocus.com/archive/1/507708/100/0/threaded http://www.securityfocus.com/bid/36933 http://www.vupen.com/english/advisories/2009/3154 http://www.zerodayinitiative.com/advisories/ZDI-09-081 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2007-2351
https://notcve.org/view.php?id=CVE-2007-2351
Unspecified vulnerability in the HP Power Manager Remote Agent (RA) 4.0Build10 and earlier in HP-UX B.11.11 and B.11.23 allows local users to execute arbitrary code via unspecified vectors. Vulnerabilidad sin especificar en el HP Power Manager Remote Agent (RA) 4.0Build10 y versiones anteriores en el HP-UX B.11.11 y B.11.23 permite a usuarios locales ejecutar código de su elección mediante vectores sin especificar. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00819543 http://secunia.com/advisories/25066 http://www.securityfocus.com/bid/23703 http://www.securitytracker.com/id?1017977 http://www.vupen.com/english/advisories/2007/1574 https://exchange.xforce.ibmcloud.com/vulnerabilities/33965 •