Lucene search

Power Manager Security Vulnerabilities - May

cve

CVE-2009-2685

Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.

6.9AI Score

0.594EPSS

2009-11-06 03:30 PM

cve

CVE-2009-3999

Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.

6.8AI Score

0.937EPSS

2010-01-20 10:30 PM

cve

CVE-2009-4000

Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.

7.3AI Score

0.693EPSS

2010-01-20 10:30 PM

cve

CVE-2010-4113

Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server.

8AI Score

0.575EPSS

2010-12-22 09:00 PM

cve

CVE-2011-0277

Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.

7.2AI Score

0.003EPSS

2011-02-09 01:00 AM

cve

CVE-2011-0280

Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL p...

5.8AI Score

0.013EPSS

2011-03-14 07:55 PM