cbcvebase.

Hp Power Manager vulnerabilities

5 known vulnerabilities affecting hp/power_manager.

Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL3MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2009-3999P2CRITICALCVSS 10.0PoC≤ 4.2.9v4.2.5+1 more2010-01-20
CVE-2009-3999 [CRITICAL] CWE-119 CVE-2009-3999: Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows re Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.
nvd
CVE-2009-4000P3CRITICALCVSS 10.0≤ 4.2.9v4.2.5+3 more2010-01-20
CVE-2009-4000 [CRITICAL] CWE-22 CVE-2009-4000: Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 all Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.
nvd
CVE-2010-4113P3CRITICALCVSS 9.3≤ 4.2.9v4.2.5+3 more2010-12-22
CVE-2010-4113 [CRITICAL] CWE-119 CVE-2010-4113: Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execu Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server.
nvd
CVE-2011-0277P4MEDIUMCVSS 6.8≤ 4.3.2v4.2.5+4 more2011-02-09
CVE-2011-0277 [MEDIUM] CWE-352 CVE-2011-0277: Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.
nvd
CVE-2011-0280P4MEDIUMCVSS 4.3≤ 4.3.2v4.2.5+4 more2011-03-14
CVE-2011-0280 [MEDIUM] CWE-79 CVE-2011-0280: Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier all Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp. NOTE: some of
nvd
Hp Power Manager vulnerabilities | cvebase