Power Manager
by Microfocus
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-3999 | 0.09 | — | 0.72 | Jan 20, 2010 | Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter. | |||
| CVE-2009-2685 | 0.09 | — | 0.77 | Nov 6, 2009 | Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable. | |||
| CVE-2009-4000 | 0.02 | — | 0.20 | Jan 20, 2010 | Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter. | |||
| CVE-2010-4113 | 0.01 | — | 0.10 | Dec 22, 2010 | Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server. | |||
| CVE-2011-0280 | 0.00 | — | 0.02 | Mar 14, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3)… | |||
| CVE-2011-0277 | 0.00 | — | 0.02 | Feb 9, 2011 | Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts. |
- CVE-2009-3999Jan 20, 2010risk 0.09cvss —epss 0.72
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.
- CVE-2009-2685Nov 6, 2009risk 0.09cvss —epss 0.77
Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.
- CVE-2009-4000Jan 20, 2010risk 0.02cvss —epss 0.20
Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.
- CVE-2010-4113Dec 22, 2010risk 0.01cvss —epss 0.10
Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server.
- CVE-2011-0280Mar 14, 2011risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3)…
- CVE-2011-0277Feb 9, 2011risk 0.00cvss —epss 0.02
Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.