Search criteria

18 vulnerabilities found for power_manager by hp

FKIE_CVE-2011-0280

Vulnerability from fkie_nvd - Published: 2011-03-14 19:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp. NOTE: some of these details are obtained from third party information.
References
hp-security-alert@hp.comhttp://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html
hp-security-alert@hp.comhttp://secunia.com/advisories/43058Vendor Advisory
hp-security-alert@hp.comhttp://www.securityfocus.com/bid/46830
hp-security-alert@hp.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/66035
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43058Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/46830
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/66035
Impacted products
Vendor Product Version
hp power_manager *
hp power_manager 4.2.5
hp power_manager 4.2.6
hp power_manager 4.2.7
hp power_manager 4.2.8
hp power_manager 4.2.9
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:power_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63F6F47C-2BD0-4523-9CE9-2DF813DAD007",
              "versionEndIncluding": "4.3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:power_manager:4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCCE8F58-E1A8-4DFA-80B1-32BECDAF1811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:power_manager:4.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4CA6CE-AF65-41E9-829D-1582E53086F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:power_manager:4.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6710514E-9885-4B85-9491-2760C4038C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:power_manager:4.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF7306F-BFC5-479E-B4AF-4DCAE01FE3F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:power_manager:4.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "41DC512A-EE43-4690-9F0C-38A1E5E0FFBA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en HP Power Manager(HPPM)v4.3.2 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de los par\u00e1metros  (1) logType de Contents/exportlogs.asp, (2) Id de Contents/pagehelp.asp, o (3) SORTORD o(4) SORTCOL de Contents/applicationlogs.asp.\r\nNOTA : algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceros ."
    }
  ],
  "id": "CVE-2011-0280",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-03-14T19:55:00.697",
  "references": [
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
    },
    {
      "source": "hp-security-alert@hp.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43058"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://www.securityfocus.com/bid/46830"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66035"
    }
  ],
  "sourceIdentifier": "hp-security-alert@hp.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2011-0277

Vulnerability from fkie_nvd - Published: 2011-02-09 01:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.
References
hp-security-alert@hp.comhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131
hp-security-alert@hp.comhttp://osvdb.org/70836
hp-security-alert@hp.comhttp://secunia.com/advisories/43058Vendor Advisory
hp-security-alert@hp.comhttp://www.securityfocus.com/bid/46258
hp-security-alert@hp.comhttp://www.securitytracker.com/id?1025032
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/70836
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43058Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/46258
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1025032
Impacted products
Vendor Product Version
hp power_manager *
hp power_manager 4.2.5
hp power_manager 4.2.6
hp power_manager 4.2.7
hp power_manager 4.2.8
hp power_manager 4.2.9
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:power_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63F6F47C-2BD0-4523-9CE9-2DF813DAD007",
              "versionEndIncluding": "4.3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:power_manager:4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCCE8F58-E1A8-4DFA-80B1-32BECDAF1811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:power_manager:4.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4CA6CE-AF65-41E9-829D-1582E53086F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:power_manager:4.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6710514E-9885-4B85-9491-2760C4038C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:power_manager:4.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF7306F-BFC5-479E-B4AF-4DCAE01FE3F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:power_manager:4.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "41DC512A-EE43-4690-9F0C-38A1E5E0FFBA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en HP Power Manager (HPPM) v4.3.2 y anteriores, permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores durante las peticiones de creaci\u00f3n de nuevas cuentas administrativas."
    }
  ],
  "id": "CVE-2011-0277",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-02-09T01:00:09.307",
  "references": [
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://osvdb.org/70836"
    },
    {
      "source": "hp-security-alert@hp.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43058"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://www.securityfocus.com/bid/46258"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://www.securitytracker.com/id?1025032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/70836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46258"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025032"
    }
  ],
  "sourceIdentifier": "hp-security-alert@hp.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2010-4113

Vulnerability from fkie_nvd - Published: 2010-12-22 21:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server.
References
hp-security-alert@hp.comhttp://marc.info/?l=bugtraq&m=129251322532373&w=2Vendor Advisory
hp-security-alert@hp.comhttp://secunia.com/advisories/42644Vendor Advisory
hp-security-alert@hp.comhttp://www.securitytracker.com/id?1024902
hp-security-alert@hp.comhttp://www.zerodayinitiative.com/advisories/ZDI-10-292/
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=129251322532373&w=2Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42644Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1024902
af854a3a-2127-422b-91ae-364da2661108http://www.zerodayinitiative.com/advisories/ZDI-10-292/
Impacted products
Vendor Product Version
hp power_manager *
hp power_manager 4.2.5
hp power_manager 4.2.6
hp power_manager 4.2.7
hp power_manager 4.2.8
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:power_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD5EF900-BB09-4E23-8A17-6B9479A736C0",
              "versionEndIncluding": "4.2.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:power_manager:4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCCE8F58-E1A8-4DFA-80B1-32BECDAF1811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:power_manager:4.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4CA6CE-AF65-41E9-829D-1582E53086F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:power_manager:4.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6710514E-9885-4B85-9491-2760C4038C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:power_manager:4.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF7306F-BFC5-479E-B4AF-4DCAE01FE3F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en HP Power Manager (HPPM) anterior a versi\u00f3n 4.3.2, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una variable Login larga en el servidor web de administraci\u00f3n."
    }
  ],
  "id": "CVE-2010-4113",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-12-22T21:00:18.303",
  "references": [
    {
      "source": "hp-security-alert@hp.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
    },
    {
      "source": "hp-security-alert@hp.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42644"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://www.securitytracker.com/id?1024902"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-292/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42644"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-292/"
    }
  ],
  "sourceIdentifier": "hp-security-alert@hp.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2009-4000

Vulnerability from fkie_nvd - Published: 2010-01-20 22:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.
References
PSIRT-CNA@flexerasoftware.comhttp://marc.info/?l=bugtraq&m=126393370331959&w=2Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/advisories/37280Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/secunia_research/2009-48/Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://securitytracker.com/id?1023470
PSIRT-CNA@flexerasoftware.comhttp://www.securityfocus.com/bid/37873
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=126393370331959&w=2Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37280Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/secunia_research/2009-48/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1023470
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/37873
Impacted products
Vendor Product Version
hp power_manager *
hp power_manager 4.2.5
hp power_manager 4.2.6
hp power_manager 4.2.7
hp power_manager 4.2.8
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:power_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD5EF900-BB09-4E23-8A17-6B9479A736C0",
              "versionEndIncluding": "4.2.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:power_manager:4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCCE8F58-E1A8-4DFA-80B1-32BECDAF1811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:power_manager:4.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4CA6CE-AF65-41E9-829D-1582E53086F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:power_manager:4.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6710514E-9885-4B85-9491-2760C4038C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:power_manager:4.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF7306F-BFC5-479E-B4AF-4DCAE01FE3F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en goform/formExportDataLogs en HP Power Manager en versiones anteriores a v4.2.10 permite a atacantes remotos sobrescribir ficheros de forma arbitraria, y ejecutar c\u00f3digo arbitrario, a trav\u00e9s de secuencia de salto de directorio en el par\u00e1metro \"fileName\"."
    }
  ],
  "id": "CVE-2009-4000",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-01-20T22:30:00.413",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37280"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-48/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://securitytracker.com/id?1023470"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/bid/37873"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37280"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-48/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37873"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2009-3999

Vulnerability from fkie_nvd - Published: 2010-01-20 22:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.
References
PSIRT-CNA@flexerasoftware.comhttp://marc.info/?l=bugtraq&m=126393370331959&w=2
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/advisories/37280Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/secunia_research/2009-47/Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://securityreason.com/securityalert/8482
PSIRT-CNA@flexerasoftware.comhttp://securitytracker.com/id?1023470
PSIRT-CNA@flexerasoftware.comhttp://www.securityfocus.com/bid/37867
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=126393370331959&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37280Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/secunia_research/2009-47/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/8482
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1023470
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/37867
Impacted products
Vendor Product Version
hp power_manager *
hp power_manager 4.2.5
hp power_manager 4.2.6
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:power_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD5EF900-BB09-4E23-8A17-6B9479A736C0",
              "versionEndIncluding": "4.2.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:power_manager:4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCCE8F58-E1A8-4DFA-80B1-32BECDAF1811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:power_manager:4.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4CA6CE-AF65-41E9-829D-1582E53086F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de pila basado en b\u00fafer en goform/formExportDataLogs en HP Power Manager en versiones anteriores a v4.2.10 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un par\u00e1metro largo \"fileName\"."
    }
  ],
  "id": "CVE-2009-3999",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-01-20T22:30:00.367",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37280"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-47/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://securityreason.com/securityalert/8482"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://securitytracker.com/id?1023470"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/bid/37867"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37280"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-47/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8482"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37867"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2009-2685

Vulnerability from fkie_nvd - Published: 2009-11-06 15:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.
References
cve@mitre.orghttp://marc.info/?l=bugtraq&m=125744000032141&w=2
cve@mitre.orghttp://secunia.com/advisories/37276Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1023140
cve@mitre.orghttp://www.osvdb.org/59684
cve@mitre.orghttp://www.securityfocus.com/archive/1/507708/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/36933
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/3154Vendor Advisory
cve@mitre.orghttp://www.zerodayinitiative.com/advisories/ZDI-09-081/
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=125744000032141&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37276Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1023140
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/59684
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/507708/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/36933
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3154Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.zerodayinitiative.com/advisories/ZDI-09-081/
Impacted products
Vendor Product Version
hp power_manager *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:power_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F088CA39-C40B-4C1A-9009-23B3AFF0CC07",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en el formulario de login en el servidor de gesti\u00f3n web en HP Power Manager permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante la variable \"Login\"."
    }
  ],
  "id": "CVE-2009-2685",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-11-06T15:30:00.420",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37276"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1023140"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/59684"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/507708/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/36933"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3154"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-081/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/59684"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/507708/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36933"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-081/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2011-0280 (GCVE-0-2011-0280)

Vulnerability from cvelistv5 – Published: 2011-03-14 19:00 – Updated: 2024-08-06 21:51
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
hp
References
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/46830 vdb-entryx_refsource_BID
http://secunia.com/advisories/43058 third-party-advisoryx_refsource_SECUNIA
http://archives.neohapsis.com/archives/bugtraq/20… vendor-advisoryx_refsource_HP
http://archives.neohapsis.com/archives/bugtraq/20… vendor-advisoryx_refsource_HP
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:51:07.673Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "powermanager-unspecified-xss(66035)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66035"
          },
          {
            "name": "46830",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46830"
          },
          {
            "name": "43058",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43058"
          },
          {
            "name": "HPSBMA02629",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
          },
          {
            "name": "SSRT100381",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "name": "powermanager-unspecified-xss(66035)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66035"
        },
        {
          "name": "46830",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46830"
        },
        {
          "name": "43058",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43058"
        },
        {
          "name": "HPSBMA02629",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
        },
        {
          "name": "SSRT100381",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2011-0280",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "powermanager-unspecified-xss(66035)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66035"
            },
            {
              "name": "46830",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46830"
            },
            {
              "name": "43058",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43058"
            },
            {
              "name": "HPSBMA02629",
              "refsource": "HP",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
            },
            {
              "name": "SSRT100381",
              "refsource": "HP",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2011-0280",
    "datePublished": "2011-03-14T19:00:00",
    "dateReserved": "2010-12-23T00:00:00",
    "dateUpdated": "2024-08-06T21:51:07.673Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0277 (GCVE-0-2011-0277)

Vulnerability from cvelistv5 – Published: 2011-02-09 00:00 – Updated: 2024-08-06 21:51
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
hp
References
http://www.securitytracker.com/id?1025032 vdb-entryx_refsource_SECTRACK
http://osvdb.org/70836 vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/46258 vdb-entryx_refsource_BID
http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
http://secunia.com/advisories/43058 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:51:07.748Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1025032",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025032"
          },
          {
            "name": "70836",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/70836"
          },
          {
            "name": "46258",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46258"
          },
          {
            "name": "SSRT100381",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
          },
          {
            "name": "HPSBMA02629",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
          },
          {
            "name": "43058",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43058"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-02-17T10:00:00",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "name": "1025032",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025032"
        },
        {
          "name": "70836",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/70836"
        },
        {
          "name": "46258",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46258"
        },
        {
          "name": "SSRT100381",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
        },
        {
          "name": "HPSBMA02629",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
        },
        {
          "name": "43058",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43058"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2011-0277",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1025032",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025032"
            },
            {
              "name": "70836",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/70836"
            },
            {
              "name": "46258",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46258"
            },
            {
              "name": "SSRT100381",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
            },
            {
              "name": "HPSBMA02629",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
            },
            {
              "name": "43058",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43058"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2011-0277",
    "datePublished": "2011-02-09T00:00:00",
    "dateReserved": "2010-12-23T00:00:00",
    "dateUpdated": "2024-08-06T21:51:07.748Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-4113 (GCVE-0-2010-4113)

Vulnerability from cvelistv5 – Published: 2010-12-22 20:00 – Updated: 2024-08-07 03:34
VLAI?
Summary
Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
hp
References
http://www.securitytracker.com/id?1024902 vdb-entryx_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=129251322532373&w=2 vendor-advisoryx_refsource_HP
http://www.zerodayinitiative.com/advisories/ZDI-10-292/ x_refsource_MISC
http://marc.info/?l=bugtraq&m=129251322532373&w=2 vendor-advisoryx_refsource_HP
http://secunia.com/advisories/42644 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:34:37.356Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1024902",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024902"
          },
          {
            "name": "HPSBMA02545",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-292/"
          },
          {
            "name": "SSRT100139",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
          },
          {
            "name": "42644",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42644"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-12-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-01-11T10:00:00",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "name": "1024902",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024902"
        },
        {
          "name": "HPSBMA02545",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-292/"
        },
        {
          "name": "SSRT100139",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
        },
        {
          "name": "42644",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42644"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2010-4113",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1024902",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024902"
            },
            {
              "name": "HPSBMA02545",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-292/",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-292/"
            },
            {
              "name": "SSRT100139",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
            },
            {
              "name": "42644",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42644"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2010-4113",
    "datePublished": "2010-12-22T20:00:00",
    "dateReserved": "2010-10-27T00:00:00",
    "dateUpdated": "2024-08-07T03:34:37.356Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4000 (GCVE-0-2009-4000)

Vulnerability from cvelistv5 – Published: 2010-01-20 22:00 – Updated: 2024-09-16 17:09
VLAI?
Summary
Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/37280 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/secunia_research/2009-48/ x_refsource_MISC
http://marc.info/?l=bugtraq&m=126393370331959&w=2 vendor-advisoryx_refsource_HP
http://securitytracker.com/id?1023470 vdb-entryx_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=126393370331959&w=2 vendor-advisoryx_refsource_HP
http://www.securityfocus.com/bid/37873 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:45:50.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37280",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37280"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2009-48/"
          },
          {
            "name": "HPSBMA02485",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
          },
          {
            "name": "1023470",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023470"
          },
          {
            "name": "SSRT090252",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
          },
          {
            "name": "37873",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37873"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-01-20T22:00:00Z",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "37280",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37280"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2009-48/"
        },
        {
          "name": "HPSBMA02485",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
        },
        {
          "name": "1023470",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023470"
        },
        {
          "name": "SSRT090252",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
        },
        {
          "name": "37873",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37873"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2009-4000",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37280",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37280"
            },
            {
              "name": "http://secunia.com/secunia_research/2009-48/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2009-48/"
            },
            {
              "name": "HPSBMA02485",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
            },
            {
              "name": "1023470",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023470"
            },
            {
              "name": "SSRT090252",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
            },
            {
              "name": "37873",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37873"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2009-4000",
    "datePublished": "2010-01-20T22:00:00Z",
    "dateReserved": "2009-11-19T00:00:00Z",
    "dateUpdated": "2024-09-16T17:09:00.730Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-3999 (GCVE-0-2009-3999)

Vulnerability from cvelistv5 – Published: 2010-01-20 22:00 – Updated: 2024-08-07 06:45
VLAI?
Summary
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/secunia_research/2009-47/ x_refsource_MISC
http://securityreason.com/securityalert/8482 third-party-advisoryx_refsource_SREASON
http://secunia.com/advisories/37280 third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=126393370331959&w=2 vendor-advisoryx_refsource_HP
http://securitytracker.com/id?1023470 vdb-entryx_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=126393370331959&w=2 vendor-advisoryx_refsource_HP
http://www.securityfocus.com/bid/37867 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:45:50.879Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2009-47/"
          },
          {
            "name": "8482",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8482"
          },
          {
            "name": "37280",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37280"
          },
          {
            "name": "HPSBMA02485",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
          },
          {
            "name": "1023470",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023470"
          },
          {
            "name": "SSRT090252",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
          },
          {
            "name": "37867",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37867"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-01-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-02-14T10:00:00",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2009-47/"
        },
        {
          "name": "8482",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8482"
        },
        {
          "name": "37280",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37280"
        },
        {
          "name": "HPSBMA02485",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
        },
        {
          "name": "1023470",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023470"
        },
        {
          "name": "SSRT090252",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
        },
        {
          "name": "37867",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37867"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2009-3999",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://secunia.com/secunia_research/2009-47/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2009-47/"
            },
            {
              "name": "8482",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8482"
            },
            {
              "name": "37280",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37280"
            },
            {
              "name": "HPSBMA02485",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
            },
            {
              "name": "1023470",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023470"
            },
            {
              "name": "SSRT090252",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
            },
            {
              "name": "37867",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37867"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2009-3999",
    "datePublished": "2010-01-20T22:00:00",
    "dateReserved": "2009-11-19T00:00:00",
    "dateUpdated": "2024-08-07T06:45:50.879Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-2685 (GCVE-0-2009-2685)

Vulnerability from cvelistv5 – Published: 2009-11-06 15:00 – Updated: 2024-08-07 05:59
VLAI?
Summary
Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.osvdb.org/59684 vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/36933 vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2009/3154 vdb-entryx_refsource_VUPEN
http://marc.info/?l=bugtraq&m=125744000032141&w=2 vendor-advisoryx_refsource_HP
http://www.securityfocus.com/archive/1/507708/100… mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/37276 third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=125744000032141&w=2 vendor-advisoryx_refsource_HP
http://www.zerodayinitiative.com/advisories/ZDI-09-081/ x_refsource_MISC
http://securitytracker.com/id?1023140 vdb-entryx_refsource_SECTRACK
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:59:56.934Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "59684",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/59684"
          },
          {
            "name": "36933",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36933"
          },
          {
            "name": "ADV-2009-3154",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3154"
          },
          {
            "name": "HPSBMA02474",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
          },
          {
            "name": "20091105 ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507708/100/0/threaded"
          },
          {
            "name": "37276",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37276"
          },
          {
            "name": "SSRT090107",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-081/"
          },
          {
            "name": "1023140",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023140"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "59684",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/59684"
        },
        {
          "name": "36933",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36933"
        },
        {
          "name": "ADV-2009-3154",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3154"
        },
        {
          "name": "HPSBMA02474",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
        },
        {
          "name": "20091105 ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507708/100/0/threaded"
        },
        {
          "name": "37276",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37276"
        },
        {
          "name": "SSRT090107",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-081/"
        },
        {
          "name": "1023140",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023140"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2685",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "59684",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/59684"
            },
            {
              "name": "36933",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36933"
            },
            {
              "name": "ADV-2009-3154",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3154"
            },
            {
              "name": "HPSBMA02474",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
            },
            {
              "name": "20091105 ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507708/100/0/threaded"
            },
            {
              "name": "37276",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37276"
            },
            {
              "name": "SSRT090107",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-081/",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-081/"
            },
            {
              "name": "1023140",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023140"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2685",
    "datePublished": "2009-11-06T15:00:00",
    "dateReserved": "2009-08-05T00:00:00",
    "dateUpdated": "2024-08-07T05:59:56.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0280 (GCVE-0-2011-0280)

Vulnerability from nvd – Published: 2011-03-14 19:00 – Updated: 2024-08-06 21:51
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
hp
References
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/46830 vdb-entryx_refsource_BID
http://secunia.com/advisories/43058 third-party-advisoryx_refsource_SECUNIA
http://archives.neohapsis.com/archives/bugtraq/20… vendor-advisoryx_refsource_HP
http://archives.neohapsis.com/archives/bugtraq/20… vendor-advisoryx_refsource_HP
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:51:07.673Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "powermanager-unspecified-xss(66035)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66035"
          },
          {
            "name": "46830",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46830"
          },
          {
            "name": "43058",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43058"
          },
          {
            "name": "HPSBMA02629",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
          },
          {
            "name": "SSRT100381",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "name": "powermanager-unspecified-xss(66035)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66035"
        },
        {
          "name": "46830",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46830"
        },
        {
          "name": "43058",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43058"
        },
        {
          "name": "HPSBMA02629",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
        },
        {
          "name": "SSRT100381",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2011-0280",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "powermanager-unspecified-xss(66035)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66035"
            },
            {
              "name": "46830",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46830"
            },
            {
              "name": "43058",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43058"
            },
            {
              "name": "HPSBMA02629",
              "refsource": "HP",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
            },
            {
              "name": "SSRT100381",
              "refsource": "HP",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2011-0280",
    "datePublished": "2011-03-14T19:00:00",
    "dateReserved": "2010-12-23T00:00:00",
    "dateUpdated": "2024-08-06T21:51:07.673Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0277 (GCVE-0-2011-0277)

Vulnerability from nvd – Published: 2011-02-09 00:00 – Updated: 2024-08-06 21:51
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
hp
References
http://www.securitytracker.com/id?1025032 vdb-entryx_refsource_SECTRACK
http://osvdb.org/70836 vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/46258 vdb-entryx_refsource_BID
http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
http://secunia.com/advisories/43058 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:51:07.748Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1025032",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025032"
          },
          {
            "name": "70836",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/70836"
          },
          {
            "name": "46258",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46258"
          },
          {
            "name": "SSRT100381",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
          },
          {
            "name": "HPSBMA02629",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
          },
          {
            "name": "43058",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43058"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-02-17T10:00:00",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "name": "1025032",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025032"
        },
        {
          "name": "70836",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/70836"
        },
        {
          "name": "46258",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46258"
        },
        {
          "name": "SSRT100381",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
        },
        {
          "name": "HPSBMA02629",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
        },
        {
          "name": "43058",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43058"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2011-0277",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1025032",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025032"
            },
            {
              "name": "70836",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/70836"
            },
            {
              "name": "46258",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46258"
            },
            {
              "name": "SSRT100381",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
            },
            {
              "name": "HPSBMA02629",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
            },
            {
              "name": "43058",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43058"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2011-0277",
    "datePublished": "2011-02-09T00:00:00",
    "dateReserved": "2010-12-23T00:00:00",
    "dateUpdated": "2024-08-06T21:51:07.748Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-4113 (GCVE-0-2010-4113)

Vulnerability from nvd – Published: 2010-12-22 20:00 – Updated: 2024-08-07 03:34
VLAI?
Summary
Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
hp
References
http://www.securitytracker.com/id?1024902 vdb-entryx_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=129251322532373&w=2 vendor-advisoryx_refsource_HP
http://www.zerodayinitiative.com/advisories/ZDI-10-292/ x_refsource_MISC
http://marc.info/?l=bugtraq&m=129251322532373&w=2 vendor-advisoryx_refsource_HP
http://secunia.com/advisories/42644 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:34:37.356Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1024902",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024902"
          },
          {
            "name": "HPSBMA02545",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-292/"
          },
          {
            "name": "SSRT100139",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
          },
          {
            "name": "42644",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42644"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-12-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-01-11T10:00:00",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "name": "1024902",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024902"
        },
        {
          "name": "HPSBMA02545",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-292/"
        },
        {
          "name": "SSRT100139",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
        },
        {
          "name": "42644",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42644"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2010-4113",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1024902",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024902"
            },
            {
              "name": "HPSBMA02545",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-292/",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-292/"
            },
            {
              "name": "SSRT100139",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
            },
            {
              "name": "42644",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42644"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2010-4113",
    "datePublished": "2010-12-22T20:00:00",
    "dateReserved": "2010-10-27T00:00:00",
    "dateUpdated": "2024-08-07T03:34:37.356Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4000 (GCVE-0-2009-4000)

Vulnerability from nvd – Published: 2010-01-20 22:00 – Updated: 2024-09-16 17:09
VLAI?
Summary
Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/37280 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/secunia_research/2009-48/ x_refsource_MISC
http://marc.info/?l=bugtraq&m=126393370331959&w=2 vendor-advisoryx_refsource_HP
http://securitytracker.com/id?1023470 vdb-entryx_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=126393370331959&w=2 vendor-advisoryx_refsource_HP
http://www.securityfocus.com/bid/37873 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:45:50.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37280",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37280"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2009-48/"
          },
          {
            "name": "HPSBMA02485",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
          },
          {
            "name": "1023470",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023470"
          },
          {
            "name": "SSRT090252",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
          },
          {
            "name": "37873",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37873"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-01-20T22:00:00Z",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "37280",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37280"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2009-48/"
        },
        {
          "name": "HPSBMA02485",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
        },
        {
          "name": "1023470",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023470"
        },
        {
          "name": "SSRT090252",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
        },
        {
          "name": "37873",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37873"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2009-4000",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37280",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37280"
            },
            {
              "name": "http://secunia.com/secunia_research/2009-48/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2009-48/"
            },
            {
              "name": "HPSBMA02485",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
            },
            {
              "name": "1023470",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023470"
            },
            {
              "name": "SSRT090252",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
            },
            {
              "name": "37873",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37873"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2009-4000",
    "datePublished": "2010-01-20T22:00:00Z",
    "dateReserved": "2009-11-19T00:00:00Z",
    "dateUpdated": "2024-09-16T17:09:00.730Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-3999 (GCVE-0-2009-3999)

Vulnerability from nvd – Published: 2010-01-20 22:00 – Updated: 2024-08-07 06:45
VLAI?
Summary
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/secunia_research/2009-47/ x_refsource_MISC
http://securityreason.com/securityalert/8482 third-party-advisoryx_refsource_SREASON
http://secunia.com/advisories/37280 third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=126393370331959&w=2 vendor-advisoryx_refsource_HP
http://securitytracker.com/id?1023470 vdb-entryx_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=126393370331959&w=2 vendor-advisoryx_refsource_HP
http://www.securityfocus.com/bid/37867 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:45:50.879Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2009-47/"
          },
          {
            "name": "8482",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8482"
          },
          {
            "name": "37280",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37280"
          },
          {
            "name": "HPSBMA02485",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
          },
          {
            "name": "1023470",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023470"
          },
          {
            "name": "SSRT090252",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
          },
          {
            "name": "37867",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37867"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-01-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-02-14T10:00:00",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2009-47/"
        },
        {
          "name": "8482",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8482"
        },
        {
          "name": "37280",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37280"
        },
        {
          "name": "HPSBMA02485",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
        },
        {
          "name": "1023470",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023470"
        },
        {
          "name": "SSRT090252",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
        },
        {
          "name": "37867",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37867"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2009-3999",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://secunia.com/secunia_research/2009-47/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2009-47/"
            },
            {
              "name": "8482",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8482"
            },
            {
              "name": "37280",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37280"
            },
            {
              "name": "HPSBMA02485",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
            },
            {
              "name": "1023470",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023470"
            },
            {
              "name": "SSRT090252",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
            },
            {
              "name": "37867",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37867"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2009-3999",
    "datePublished": "2010-01-20T22:00:00",
    "dateReserved": "2009-11-19T00:00:00",
    "dateUpdated": "2024-08-07T06:45:50.879Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-2685 (GCVE-0-2009-2685)

Vulnerability from nvd – Published: 2009-11-06 15:00 – Updated: 2024-08-07 05:59
VLAI?
Summary
Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.osvdb.org/59684 vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/36933 vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2009/3154 vdb-entryx_refsource_VUPEN
http://marc.info/?l=bugtraq&m=125744000032141&w=2 vendor-advisoryx_refsource_HP
http://www.securityfocus.com/archive/1/507708/100… mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/37276 third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=125744000032141&w=2 vendor-advisoryx_refsource_HP
http://www.zerodayinitiative.com/advisories/ZDI-09-081/ x_refsource_MISC
http://securitytracker.com/id?1023140 vdb-entryx_refsource_SECTRACK
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:59:56.934Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "59684",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/59684"
          },
          {
            "name": "36933",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36933"
          },
          {
            "name": "ADV-2009-3154",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3154"
          },
          {
            "name": "HPSBMA02474",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
          },
          {
            "name": "20091105 ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507708/100/0/threaded"
          },
          {
            "name": "37276",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37276"
          },
          {
            "name": "SSRT090107",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-081/"
          },
          {
            "name": "1023140",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023140"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "59684",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/59684"
        },
        {
          "name": "36933",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36933"
        },
        {
          "name": "ADV-2009-3154",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3154"
        },
        {
          "name": "HPSBMA02474",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
        },
        {
          "name": "20091105 ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507708/100/0/threaded"
        },
        {
          "name": "37276",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37276"
        },
        {
          "name": "SSRT090107",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-081/"
        },
        {
          "name": "1023140",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023140"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2685",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "59684",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/59684"
            },
            {
              "name": "36933",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36933"
            },
            {
              "name": "ADV-2009-3154",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3154"
            },
            {
              "name": "HPSBMA02474",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
            },
            {
              "name": "20091105 ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507708/100/0/threaded"
            },
            {
              "name": "37276",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37276"
            },
            {
              "name": "SSRT090107",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-081/",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-081/"
            },
            {
              "name": "1023140",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023140"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2685",
    "datePublished": "2009-11-06T15:00:00",
    "dateReserved": "2009-08-05T00:00:00",
    "dateUpdated": "2024-08-07T05:59:56.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}