Description
Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.
Affected products
- HP / power_manager4.2.9
- HP / power_manager4.2.5 – 4.2.5
- HP / power_manager4.2.6 – 4.2.6
- HP / power_manager4.2.7 – 4.2.7
- HP / power_manager4.2.8 – 4.2.8
References
- VENDOR_ADVISORYhttp://secunia.com/advisories/37280
- MISChttp://secunia.com/secunia_research/2009-48/
- MAILING_LISThttp://marc.info/?l=bugtraq&m=126393370331959&w=2
- MISChttp://securitytracker.com/id?1023470
- MAILING_LISThttp://marc.info/?l=bugtraq&m=126393370331959&w=2
- MISChttp://www.securityfocus.com/bid/37873