This Metasploit module exploits a buffer overflow in HP Power Manager's 'formExportDataLogs'. By creating a malformed request specifically for the fileName parameter, a stack-based buffer overflow occurs due to a long error message (which contains the fileName), which may result in arbitrary remote code execution under the context of 'SYSTEM'.
0e4c84f448f90124f9f12c53d533fe71d62881437ab85d0ea37f8f9dff741fe0
Secunia Research has discovered a vulnerability in HP Power Manager, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when processing parameters sent to the /goform/formExportDataLogs URL. This can be exploited to cause a stack-based buffer overflow via an overly long "fileName" parameter. Successful exploitation allows execution of arbitrary code. Version 4.2.9 is affected.
fbf4697d7b193b303eab401b5d9ec51a535b6334f69e22214ec5cb25d1d89dd6
HP Security Bulletin - Potential security vulnerabilities have been identified with HP Power Manager. The vulnerabilities could be exploited remotely to execute arbitrary code.
75dc8a05f116b4ff10d5280b49741f919e170bd154f9b188374109751a2eeee9