Secunia Research has discovered a vulnerability in HP Power Manager, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an input sanitation error when handling “fileName” parameters passed to /goform/formExportDataLogs. This can be exploited to overwrite arbitrary files with almost arbitrary data via directory traversal attacks. Successful exploitation allows execution of arbitrary code. Version 4.2.9 is affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/85447/secunia-hppmtraversal.txt
Source: https://packetstormsecurity.com/files/85447/HP-Power-Manager-formExportDataLogs-Directory-Traversal.html