HP LoadRunner Virtual User Generator EmulationAdmin service directory traversal

Added: 12/18/2013 CVE: CVE-2013-4837 BID: 63475 OSVDB: 99231 Background HP LoadRunner is a software performance testing solution. Problem A directory traversal vulnerability in the Virtual User Generator EmulationAdmin service allows remote attackers to upload files to arbitrary locations using t...

HP LoadRunner EmulationAdmin Web Service Directory Traversal

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit3 /Apache-Coyote/1.1/ include REXML include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper...

HP LoadRunner EmulationAdmin - Web Service Directory Traversal (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit3 /Apache-Coyote/1.1/ include REXML include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper...

HP LoadRunner EmulationAdmin Web Service Directory Traversal

This Metasploit module exploits a directory traversal vulnerability on the version 11.52 of HP LoadRunner. The vulnerability exists on the EmulationAdmin web service, specifically in the copyFileToServer method, allowing to upload arbitrary files. This Metasploit module has been tested successful...

HP LoadRunner EmulationAdmin Web Service Directory Traversal

This module exploits a directory traversal vulnerability in version 11.52 of HP LoadRunner. The vulnerability exists in the EmulationAdmin web service, specifically in the copyFileToServer method, allowing the upload of arbitrary files. This module has been tested successfully on HP LoadRunner...

HP LoadRunner < 11.52 Patch 1 Multiple Vulnerabilities

The version of HP LoadRunner installed on the remote host is prior to 11.52 Patch 1. It is, therefore, affected by multiple vulnerabilities : - Flaws exist in the Virtual User Generator that allow directory traversal outside of a restricted path. These can be exploited by a remote attacker to...

HP LoadRunner code execution

Virtual User Generator multiple vulnerabilities...

[security bulletin] HPSBMU02935 rev.1 - HP LoadRunner Virtual User Generator, Remote Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03969437 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03969437 Version: 1 HPSBMU02935 rev....

CVE-2013-4839

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1851...

CVE-2013-4837

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832...

Security feature bypass

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832...

Security feature bypass

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1851...

Design/Logic Flaw

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1850...

CVE-2013-4837

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832...

CVE-2013-4838

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1850...

CVE-2013-4839

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1851...

CVE-2013-4838

HP LoadRunner Virtual User Generator (VUG) prior to 11.52 is affected by a remote code execution vulnerability (CVE-2013-4838) due to a directory traversal flaw in the EmulationAdmin service’s saveCodeRuleFile handling. Exploitation does not require authentication and can permit arbitrary file cr...

CVE-2013-4839

HP LoadRunner’s HP Virtual User Generator (VUG) vulnerability CVE-2013-4839 enables remote code execution via the EmulationAdmin web service getReport endpoint. The ZDI advisory states the flaw arises from improper handling/sanitization of parameters in getReport, allowing a remote attacker to in...

CVE-2013-4837

HP LoadRunner CVE-2013-4837 affects the Virtual User Generator (VUG) prior to version 11.52, enabling remote code execution via unknown vectors (ZDI-CAN-1832). Multiple connected advisories corroborate a broader EmulationAdmin exposure in HP LoadRunner 11.52-era deployments, including a directory...

HP LoadRunner magentproc.exe Stack Buffer Overflow (CVE-2013-4800)

A stack buffer overflow vulnerability has been detected in HP LoadRunner. The vulnerability is due to insufficient validation of a length value in SSL communication with the magentproc.exe. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to...