Published: 06/11/2009 Updated: 10/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote malicious users to execute arbitrary code via the Login variable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hp power manager

## # $Id: hp_power_manager_loginrb 11127 2010-11-24 19:35:38Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' ...

#!/usr/bin/python # HP Power Manager Administration Universal Buffer Overflow Exploit # CVE 2009-2685 # Tested on Win2k3 Ent SP2 English, Win XP Sp2 English # Matteo Memelli ryujin __A-T__ offensive-securitycom # wwwoffensive-securitycom # Spaghetti & Pwnsauce - 07/11/2009 # # ryujin@bt:~$ /hppowermanagerpy 1721630203 # HP Power Manager ...

CWE-119 http://www.zerodayinitiative.com/advisories/ZDI-09-081/http://securitytracker.com/id?1023140 http://marc.info/?l=bugtraq&m=125744000032141&w=2 http://www.securityfocus.com/bid/36933 http://secunia.com/advisories/37276 http://www.osvdb.org/59684 http://www.vupen.com/english/advisories/2009/3154 http://www.securityfocus.com/archive/1/507708/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/16785/

CVE-2009-2685

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect