Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for power_manager by hp

    CVE-2011-0280 (GCVE-0-2011-0280)

    Vulnerability from nvd – Published: 2011-03-14 19:00 – Updated: 2024-08-06 21:51
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp. NOTE: some of these details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    hp
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/46830 vdb-entryx_refsource_BID
    http://secunia.com/advisories/43058 third-party-advisoryx_refsource_SECUNIA
    http://archives.neohapsis.com/archives/bugtraq/20… vendor-advisoryx_refsource_HP
    Date Public
    2011-03-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:51:07.673Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "powermanager-unspecified-xss(66035)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66035"
              },
              {
                "name": "46830",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/46830"
              },
              {
                "name": "43058",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43058"
              },
              {
                "name": "HPSBMA02629",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
              },
              {
                "name": "SSRT100381",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-03-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp.  NOTE: some of these details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "name": "powermanager-unspecified-xss(66035)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66035"
            },
            {
              "name": "46830",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/46830"
            },
            {
              "name": "43058",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43058"
            },
            {
              "name": "HPSBMA02629",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
            },
            {
              "name": "SSRT100381",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "hp-security-alert@hp.com",
              "ID": "CVE-2011-0280",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp.  NOTE: some of these details are obtained from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "powermanager-unspecified-xss(66035)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66035"
                },
                {
                  "name": "46830",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/46830"
                },
                {
                  "name": "43058",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43058"
                },
                {
                  "name": "HPSBMA02629",
                  "refsource": "HP",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
                },
                {
                  "name": "SSRT100381",
                  "refsource": "HP",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2011-0280",
        "datePublished": "2011-03-14T19:00:00.000Z",
        "dateReserved": "2010-12-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:51:07.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0277 (GCVE-0-2011-0277)

    Vulnerability from nvd – Published: 2011-02-09 00:00 – Updated: 2024-08-06 21:51
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    hp
    References
    URL Tags
    http://www.securitytracker.com/id?1025032 vdb-entryx_refsource_SECTRACK
    http://osvdb.org/70836 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/46258 vdb-entryx_refsource_BID
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://secunia.com/advisories/43058 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2011-02-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:51:07.748Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1025032",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1025032"
              },
              {
                "name": "70836",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/70836"
              },
              {
                "name": "46258",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/46258"
              },
              {
                "name": "SSRT100381",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
              },
              {
                "name": "HPSBMA02629",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
              },
              {
                "name": "43058",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43058"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-02-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-02-17T10:00:00.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "name": "1025032",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1025032"
            },
            {
              "name": "70836",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/70836"
            },
            {
              "name": "46258",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/46258"
            },
            {
              "name": "SSRT100381",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
            },
            {
              "name": "HPSBMA02629",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
            },
            {
              "name": "43058",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43058"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "hp-security-alert@hp.com",
              "ID": "CVE-2011-0277",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1025032",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1025032"
                },
                {
                  "name": "70836",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/70836"
                },
                {
                  "name": "46258",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/46258"
                },
                {
                  "name": "SSRT100381",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
                },
                {
                  "name": "HPSBMA02629",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
                },
                {
                  "name": "43058",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43058"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2011-0277",
        "datePublished": "2011-02-09T00:00:00.000Z",
        "dateReserved": "2010-12-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:51:07.748Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-4113 (GCVE-0-2010-4113)

    Vulnerability from nvd – Published: 2010-12-22 20:00 – Updated: 2024-08-07 03:34
    VLAI
    Summary
    Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    hp
    References
    URL Tags
    http://www.securitytracker.com/id?1024902 vdb-entryx_refsource_SECTRACK
    http://marc.info/?l=bugtraq&m=129251322532373&w=2 vendor-advisoryx_refsource_HP
    http://www.zerodayinitiative.com/advisories/ZDI-10-292/ x_refsource_MISC
    http://secunia.com/advisories/42644 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2010-12-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:34:37.356Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1024902",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1024902"
              },
              {
                "name": "HPSBMA02545",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-292/"
              },
              {
                "name": "SSRT100139",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
              },
              {
                "name": "42644",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42644"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-12-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-01-11T10:00:00.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "name": "1024902",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1024902"
            },
            {
              "name": "HPSBMA02545",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-292/"
            },
            {
              "name": "SSRT100139",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
            },
            {
              "name": "42644",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42644"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "hp-security-alert@hp.com",
              "ID": "CVE-2010-4113",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1024902",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1024902"
                },
                {
                  "name": "HPSBMA02545",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-292/",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-292/"
                },
                {
                  "name": "SSRT100139",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
                },
                {
                  "name": "42644",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42644"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2010-4113",
        "datePublished": "2010-12-22T20:00:00.000Z",
        "dateReserved": "2010-10-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:34:37.356Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-4000 (GCVE-0-2009-4000)

    Vulnerability from nvd – Published: 2010-01-20 22:00 – Updated: 2024-09-16 17:09
    VLAI
    Summary
    Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/37280 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/secunia_research/2009-48/ x_refsource_MISC
    http://marc.info/?l=bugtraq&m=126393370331959&w=2 vendor-advisoryx_refsource_HP
    http://securitytracker.com/id?1023470 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/37873 vdb-entryx_refsource_BID
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:45:50.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "37280",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37280"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secunia.com/secunia_research/2009-48/"
              },
              {
                "name": "HPSBMA02485",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
              },
              {
                "name": "1023470",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1023470"
              },
              {
                "name": "SSRT090252",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
              },
              {
                "name": "37873",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/37873"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-01-20T22:00:00.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "name": "37280",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37280"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secunia.com/secunia_research/2009-48/"
            },
            {
              "name": "HPSBMA02485",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
            },
            {
              "name": "1023470",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1023470"
            },
            {
              "name": "SSRT090252",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
            },
            {
              "name": "37873",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/37873"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2009-4000",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "37280",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37280"
                },
                {
                  "name": "http://secunia.com/secunia_research/2009-48/",
                  "refsource": "MISC",
                  "url": "http://secunia.com/secunia_research/2009-48/"
                },
                {
                  "name": "HPSBMA02485",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
                },
                {
                  "name": "1023470",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1023470"
                },
                {
                  "name": "SSRT090252",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
                },
                {
                  "name": "37873",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/37873"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2009-4000",
        "datePublished": "2010-01-20T22:00:00.000Z",
        "dateReserved": "2009-11-19T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:09:00.730Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3999 (GCVE-0-2009-3999)

    Vulnerability from nvd – Published: 2010-01-20 22:00 – Updated: 2024-08-07 06:45
    VLAI
    Summary
    Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/secunia_research/2009-47/ x_refsource_MISC
    http://securityreason.com/securityalert/8482 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/37280 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=126393370331959&w=2 vendor-advisoryx_refsource_HP
    http://securitytracker.com/id?1023470 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/37867 vdb-entryx_refsource_BID
    Date Public
    2010-01-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:45:50.879Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secunia.com/secunia_research/2009-47/"
              },
              {
                "name": "8482",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/8482"
              },
              {
                "name": "37280",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37280"
              },
              {
                "name": "HPSBMA02485",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
              },
              {
                "name": "1023470",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1023470"
              },
              {
                "name": "SSRT090252",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
              },
              {
                "name": "37867",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/37867"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-01-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-02-14T10:00:00.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secunia.com/secunia_research/2009-47/"
            },
            {
              "name": "8482",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/8482"
            },
            {
              "name": "37280",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37280"
            },
            {
              "name": "HPSBMA02485",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
            },
            {
              "name": "1023470",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1023470"
            },
            {
              "name": "SSRT090252",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
            },
            {
              "name": "37867",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/37867"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2009-3999",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://secunia.com/secunia_research/2009-47/",
                  "refsource": "MISC",
                  "url": "http://secunia.com/secunia_research/2009-47/"
                },
                {
                  "name": "8482",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/8482"
                },
                {
                  "name": "37280",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37280"
                },
                {
                  "name": "HPSBMA02485",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
                },
                {
                  "name": "1023470",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1023470"
                },
                {
                  "name": "SSRT090252",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
                },
                {
                  "name": "37867",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/37867"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2009-3999",
        "datePublished": "2010-01-20T22:00:00.000Z",
        "dateReserved": "2009-11-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:45:50.879Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2685 (GCVE-0-2009-2685)

    Vulnerability from nvd – Published: 2009-11-06 15:00 – Updated: 2024-08-07 05:59
    VLAI
    Summary
    Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.osvdb.org/59684 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/36933 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2009/3154 vdb-entryx_refsource_VUPEN
    http://marc.info/?l=bugtraq&m=125744000032141&w=2 vendor-advisoryx_refsource_HP
    http://www.securityfocus.com/archive/1/507708/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/37276 third-party-advisoryx_refsource_SECUNIA
    http://www.zerodayinitiative.com/advisories/ZDI-09-081/ x_refsource_MISC
    http://securitytracker.com/id?1023140 vdb-entryx_refsource_SECTRACK
    Date Public
    2009-11-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:59:56.934Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "59684",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/59684"
              },
              {
                "name": "36933",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36933"
              },
              {
                "name": "ADV-2009-3154",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3154"
              },
              {
                "name": "HPSBMA02474",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
              },
              {
                "name": "20091105 ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/507708/100/0/threaded"
              },
              {
                "name": "37276",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37276"
              },
              {
                "name": "SSRT090107",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-081/"
              },
              {
                "name": "1023140",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1023140"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-11-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "59684",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/59684"
            },
            {
              "name": "36933",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36933"
            },
            {
              "name": "ADV-2009-3154",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3154"
            },
            {
              "name": "HPSBMA02474",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
            },
            {
              "name": "20091105 ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/507708/100/0/threaded"
            },
            {
              "name": "37276",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37276"
            },
            {
              "name": "SSRT090107",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-081/"
            },
            {
              "name": "1023140",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1023140"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-2685",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "59684",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/59684"
                },
                {
                  "name": "36933",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36933"
                },
                {
                  "name": "ADV-2009-3154",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3154"
                },
                {
                  "name": "HPSBMA02474",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
                },
                {
                  "name": "20091105 ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/507708/100/0/threaded"
                },
                {
                  "name": "37276",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37276"
                },
                {
                  "name": "SSRT090107",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-081/",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-081/"
                },
                {
                  "name": "1023140",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1023140"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-2685",
        "datePublished": "2009-11-06T15:00:00.000Z",
        "dateReserved": "2009-08-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:59:56.934Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0280 (GCVE-0-2011-0280)

    Vulnerability from cvelistv5 – Published: 2011-03-14 19:00 – Updated: 2024-08-06 21:51
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp. NOTE: some of these details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    hp
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/46830 vdb-entryx_refsource_BID
    http://secunia.com/advisories/43058 third-party-advisoryx_refsource_SECUNIA
    http://archives.neohapsis.com/archives/bugtraq/20… vendor-advisoryx_refsource_HP
    Date Public
    2011-03-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:51:07.673Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "powermanager-unspecified-xss(66035)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66035"
              },
              {
                "name": "46830",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/46830"
              },
              {
                "name": "43058",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43058"
              },
              {
                "name": "HPSBMA02629",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
              },
              {
                "name": "SSRT100381",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-03-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp.  NOTE: some of these details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "name": "powermanager-unspecified-xss(66035)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66035"
            },
            {
              "name": "46830",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/46830"
            },
            {
              "name": "43058",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43058"
            },
            {
              "name": "HPSBMA02629",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
            },
            {
              "name": "SSRT100381",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "hp-security-alert@hp.com",
              "ID": "CVE-2011-0280",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp.  NOTE: some of these details are obtained from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "powermanager-unspecified-xss(66035)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66035"
                },
                {
                  "name": "46830",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/46830"
                },
                {
                  "name": "43058",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43058"
                },
                {
                  "name": "HPSBMA02629",
                  "refsource": "HP",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
                },
                {
                  "name": "SSRT100381",
                  "refsource": "HP",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2011-0280",
        "datePublished": "2011-03-14T19:00:00.000Z",
        "dateReserved": "2010-12-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:51:07.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0277 (GCVE-0-2011-0277)

    Vulnerability from cvelistv5 – Published: 2011-02-09 00:00 – Updated: 2024-08-06 21:51
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    hp
    References
    URL Tags
    http://www.securitytracker.com/id?1025032 vdb-entryx_refsource_SECTRACK
    http://osvdb.org/70836 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/46258 vdb-entryx_refsource_BID
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://secunia.com/advisories/43058 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2011-02-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:51:07.748Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1025032",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1025032"
              },
              {
                "name": "70836",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/70836"
              },
              {
                "name": "46258",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/46258"
              },
              {
                "name": "SSRT100381",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
              },
              {
                "name": "HPSBMA02629",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
              },
              {
                "name": "43058",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43058"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-02-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-02-17T10:00:00.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "name": "1025032",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1025032"
            },
            {
              "name": "70836",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/70836"
            },
            {
              "name": "46258",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/46258"
            },
            {
              "name": "SSRT100381",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
            },
            {
              "name": "HPSBMA02629",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
            },
            {
              "name": "43058",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43058"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "hp-security-alert@hp.com",
              "ID": "CVE-2011-0277",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1025032",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1025032"
                },
                {
                  "name": "70836",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/70836"
                },
                {
                  "name": "46258",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/46258"
                },
                {
                  "name": "SSRT100381",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
                },
                {
                  "name": "HPSBMA02629",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131"
                },
                {
                  "name": "43058",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43058"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2011-0277",
        "datePublished": "2011-02-09T00:00:00.000Z",
        "dateReserved": "2010-12-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:51:07.748Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-4113 (GCVE-0-2010-4113)

    Vulnerability from cvelistv5 – Published: 2010-12-22 20:00 – Updated: 2024-08-07 03:34
    VLAI
    Summary
    Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    hp
    References
    URL Tags
    http://www.securitytracker.com/id?1024902 vdb-entryx_refsource_SECTRACK
    http://marc.info/?l=bugtraq&m=129251322532373&w=2 vendor-advisoryx_refsource_HP
    http://www.zerodayinitiative.com/advisories/ZDI-10-292/ x_refsource_MISC
    http://secunia.com/advisories/42644 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2010-12-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:34:37.356Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1024902",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1024902"
              },
              {
                "name": "HPSBMA02545",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-292/"
              },
              {
                "name": "SSRT100139",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
              },
              {
                "name": "42644",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42644"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-12-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-01-11T10:00:00.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "name": "1024902",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1024902"
            },
            {
              "name": "HPSBMA02545",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-292/"
            },
            {
              "name": "SSRT100139",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
            },
            {
              "name": "42644",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42644"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "hp-security-alert@hp.com",
              "ID": "CVE-2010-4113",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1024902",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1024902"
                },
                {
                  "name": "HPSBMA02545",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-292/",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-292/"
                },
                {
                  "name": "SSRT100139",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=129251322532373\u0026w=2"
                },
                {
                  "name": "42644",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42644"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2010-4113",
        "datePublished": "2010-12-22T20:00:00.000Z",
        "dateReserved": "2010-10-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:34:37.356Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-4000 (GCVE-0-2009-4000)

    Vulnerability from cvelistv5 – Published: 2010-01-20 22:00 – Updated: 2024-09-16 17:09
    VLAI
    Summary
    Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/37280 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/secunia_research/2009-48/ x_refsource_MISC
    http://marc.info/?l=bugtraq&m=126393370331959&w=2 vendor-advisoryx_refsource_HP
    http://securitytracker.com/id?1023470 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/37873 vdb-entryx_refsource_BID
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:45:50.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "37280",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37280"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secunia.com/secunia_research/2009-48/"
              },
              {
                "name": "HPSBMA02485",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
              },
              {
                "name": "1023470",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1023470"
              },
              {
                "name": "SSRT090252",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
              },
              {
                "name": "37873",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/37873"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-01-20T22:00:00.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "name": "37280",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37280"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secunia.com/secunia_research/2009-48/"
            },
            {
              "name": "HPSBMA02485",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
            },
            {
              "name": "1023470",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1023470"
            },
            {
              "name": "SSRT090252",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
            },
            {
              "name": "37873",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/37873"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2009-4000",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "37280",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37280"
                },
                {
                  "name": "http://secunia.com/secunia_research/2009-48/",
                  "refsource": "MISC",
                  "url": "http://secunia.com/secunia_research/2009-48/"
                },
                {
                  "name": "HPSBMA02485",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
                },
                {
                  "name": "1023470",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1023470"
                },
                {
                  "name": "SSRT090252",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
                },
                {
                  "name": "37873",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/37873"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2009-4000",
        "datePublished": "2010-01-20T22:00:00.000Z",
        "dateReserved": "2009-11-19T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:09:00.730Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3999 (GCVE-0-2009-3999)

    Vulnerability from cvelistv5 – Published: 2010-01-20 22:00 – Updated: 2024-08-07 06:45
    VLAI
    Summary
    Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/secunia_research/2009-47/ x_refsource_MISC
    http://securityreason.com/securityalert/8482 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/37280 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=126393370331959&w=2 vendor-advisoryx_refsource_HP
    http://securitytracker.com/id?1023470 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/37867 vdb-entryx_refsource_BID
    Date Public
    2010-01-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:45:50.879Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secunia.com/secunia_research/2009-47/"
              },
              {
                "name": "8482",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/8482"
              },
              {
                "name": "37280",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37280"
              },
              {
                "name": "HPSBMA02485",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
              },
              {
                "name": "1023470",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1023470"
              },
              {
                "name": "SSRT090252",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
              },
              {
                "name": "37867",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/37867"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-01-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-02-14T10:00:00.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secunia.com/secunia_research/2009-47/"
            },
            {
              "name": "8482",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/8482"
            },
            {
              "name": "37280",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37280"
            },
            {
              "name": "HPSBMA02485",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
            },
            {
              "name": "1023470",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1023470"
            },
            {
              "name": "SSRT090252",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
            },
            {
              "name": "37867",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/37867"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2009-3999",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://secunia.com/secunia_research/2009-47/",
                  "refsource": "MISC",
                  "url": "http://secunia.com/secunia_research/2009-47/"
                },
                {
                  "name": "8482",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/8482"
                },
                {
                  "name": "37280",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37280"
                },
                {
                  "name": "HPSBMA02485",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
                },
                {
                  "name": "1023470",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1023470"
                },
                {
                  "name": "SSRT090252",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=126393370331959\u0026w=2"
                },
                {
                  "name": "37867",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/37867"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2009-3999",
        "datePublished": "2010-01-20T22:00:00.000Z",
        "dateReserved": "2009-11-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:45:50.879Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2685 (GCVE-0-2009-2685)

    Vulnerability from cvelistv5 – Published: 2009-11-06 15:00 – Updated: 2024-08-07 05:59
    VLAI
    Summary
    Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.osvdb.org/59684 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/36933 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2009/3154 vdb-entryx_refsource_VUPEN
    http://marc.info/?l=bugtraq&m=125744000032141&w=2 vendor-advisoryx_refsource_HP
    http://www.securityfocus.com/archive/1/507708/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/37276 third-party-advisoryx_refsource_SECUNIA
    http://www.zerodayinitiative.com/advisories/ZDI-09-081/ x_refsource_MISC
    http://securitytracker.com/id?1023140 vdb-entryx_refsource_SECTRACK
    Date Public
    2009-11-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:59:56.934Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "59684",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/59684"
              },
              {
                "name": "36933",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36933"
              },
              {
                "name": "ADV-2009-3154",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3154"
              },
              {
                "name": "HPSBMA02474",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
              },
              {
                "name": "20091105 ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/507708/100/0/threaded"
              },
              {
                "name": "37276",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37276"
              },
              {
                "name": "SSRT090107",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-081/"
              },
              {
                "name": "1023140",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1023140"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-11-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "59684",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/59684"
            },
            {
              "name": "36933",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36933"
            },
            {
              "name": "ADV-2009-3154",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3154"
            },
            {
              "name": "HPSBMA02474",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
            },
            {
              "name": "20091105 ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/507708/100/0/threaded"
            },
            {
              "name": "37276",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37276"
            },
            {
              "name": "SSRT090107",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-081/"
            },
            {
              "name": "1023140",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1023140"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-2685",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "59684",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/59684"
                },
                {
                  "name": "36933",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36933"
                },
                {
                  "name": "ADV-2009-3154",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3154"
                },
                {
                  "name": "HPSBMA02474",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
                },
                {
                  "name": "20091105 ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/507708/100/0/threaded"
                },
                {
                  "name": "37276",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37276"
                },
                {
                  "name": "SSRT090107",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=125744000032141\u0026w=2"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-081/",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-081/"
                },
                {
                  "name": "1023140",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1023140"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-2685",
        "datePublished": "2009-11-06T15:00:00.000Z",
        "dateReserved": "2009-08-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:59:56.934Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }