CVE-2009-2685

HP Power Manager - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16785

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by ryujin · pythonremotewindows

https://www.exploit-db.com/exploits/10099

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by MC, sinn3r · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hp_power_manager_login.rb

View Code ZIP pw:eip

References (8)

[Third Party Advisory, VDB Entry] http://www.osvdb.org/59684

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/36933

[Vendor Advisory] http://www.vupen.com/english/advisories/2009/3154

[Mailing List] http://marc.info/?l=bugtraq&m=125744000032141&w=2

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/507708/100/0/threaded

[Vendor Advisory] http://secunia.com/advisories/37276

[Third Party Advisory] http://www.zerodayinitiative.com/advisories/ZDI-09-081/

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1023140

Scores

EPSS 0.8543

EPSS Percentile 99.4%

Details

CWE

CWE-119

Status published

Products (1)

hp/power_manager

Published Nov 06, 2009

Tracked Since Feb 18, 2026