CVE-2009-4997
https://notcve.org/view.php?id=CVE-2009-4997
gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: this issue exists because of a regression that followed a gnome-power-manager fix a few years earlier.
• https://bugs.launchpad.net/ubuntu/+source/gnome-power-manager/+bug/42052 https://bugs.launchpad.net/ubuntu/+source/gnome-power-manager/+bug/428115
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2009-3999 – HP Power Manager - 'formExportDataLogs' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-3999
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.
• https://www.exploit-db.com/exploits/18015 http://marc.info/?l=bugtraq&m=126393370331959&w=2 http://secunia.com/advisories/37280 http://secunia.com/secunia_research/2009-47 http://securityreason.com/securityalert/8482 http://securitytracker.com/id?1023470 http://www.securityfocus.com/bid/37867
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-4000
https://notcve.org/view.php?id=CVE-2009-4000
Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.
• http://marc.info/?l=bugtraq&m=126393370331959&w=2 http://secunia.com/advisories/37280 http://secunia.com/secunia_research/2009-48 http://securitytracker.com/id?1023470 http://www.securityfocus.com/bid/37873
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')