CVE-2009-4000

Related Files

HP Power Manager "formExportDataLogs" Directory Traversal

Posted Jan 21, 2010

Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in HP Power Manager, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an input sanitation error when handling "fileName" parameters passed to /goform/formExportDataLogs. This can be exploited to overwrite arbitrary files with almost arbitrary data via directory traversal attacks. Successful exploitation allows execution of arbitrary code. Version 4.2.9 is affected.

tags | advisory, arbitrary, file inclusion

advisories | CVE-2009-4000

SHA-256 | be4b9c605f1e45334909465187ee5e897a6299693f76211f87cc8076ab39e313

Download | Favorite | View

HP Security Bulletin HPSBMA02485 SSRT090252

Posted Jan 20, 2010

Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP Power Manager. The vulnerabilities could be exploited remotely to execute arbitrary code.

tags | advisory, arbitrary, vulnerability

advisories | CVE-2009-3999, CVE-2009-4000

SHA-256 | 75dc8a05f116b4ff10d5280b49741f919e170bd154f9b188374109751a2eeee9

Download | Favorite | View