Vulnerabilities (CVE)

Filtered by vendor Hp Subscribe
Filtered by product Power Manager
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-0280 1 Hp 1 Power Manager 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp. NOTE: some of these details are obtained from third party information.
CVE-2011-0277 1 Hp 1 Power Manager 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.
CVE-2010-4113 1 Hp 1 Power Manager 2024-11-21 9.3 HIGH N/A
Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server.
CVE-2009-4000 1 Hp 1 Power Manager 2024-11-21 10.0 HIGH N/A
Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.
CVE-2009-3999 1 Hp 1 Power Manager 2024-11-21 10.0 HIGH N/A
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.
CVE-2009-2685 1 Hp 1 Power Manager 2024-11-21 10.0 HIGH N/A
Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.