Tenable Research

HP Power Manager is prone to an overflow condition. The management server suffers from a boundary error when processing URL parameters passed to the login form, resulting in a stack-based buffer overflow. With a specially crafted 'Login' variable, a remote attacker can potentially execute arbitrary code with SYSTEM privileges.

A vulnerability has been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows. The issue is due to the 'logfile' parameter in switchFWInstallStatus.jsp not properly sanitizing user-supplied input. With a crafted HEAD request, a remote unauthenticated attacker can disclose arbitrary files with SYSTEM or root privileges.

HP Mercury LoadRunner contains a flaw within the process magentproc.exe that binds to TCP port 54345. A specially crafted packet will allow unauthenticated users to execute local commands. When a state of 0 or 4 is passed after the parameters, mchan.dll will process the commands on the host. This allows for remote code execution under the context of the SYSTEM user.

The Movable Type installation on the remote web server is leaking information via mt-check.cgi. This CGI determines if the Perl modules required by Movable Type are installed, and is only intended to be used prior to installation. It discloses path information, operating system type, Perl version, and the versions of several Perl modules.

A buffer overflow exists in Acrobat and Reader. The getIcon() method fails to validate string arguments resulting in a stack overflow. With a specially crafted PDF file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.