CVE-2009-4000 Information

Description

Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files and execute arbitrary code via directory traversal sequences in the fileName parameter.

Reference

http://marc.info/?l=bugtraq&m=126393370331959&w=2 http://secunia.com/advisories/37280 http://secunia.com/secunia_research/2009-48/ http://securitytracker.com/id?1023470 http://www.securityfocus.com/bid/37873