CVE-2009-3999

HP Power Manager <4.2.10 - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotecgi

https://www.exploit-db.com/exploits/18015

View Code ZIP pw:eip

nomisec WORKING POC

by afifudinmtop · poc

https://github.com/afifudinmtop/CVE-2009-3999

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Alin Rad Pop · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hp_power_manager_filename.rb

View Code ZIP pw:eip

References (6)

[Mailing List] http://marc.info/?l=bugtraq&m=126393370331959&w=2

[Vendor Advisory] http://secunia.com/advisories/37280

[Vendor Advisory] http://secunia.com/secunia_research/2009-47/

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1023470

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/37867

[Third Party Advisory] http://securityreason.com/securityalert/8482

Scores

EPSS 0.7166

EPSS Percentile 98.7%

Details

CWE

CWE-119

Status published

Products (3)

hp/power_manager 4.2.5

hp/power_manager 4.2.6

hp/power_manager < 4.2.9

Published Jan 20, 2010

Tracked Since Feb 18, 2026