CVE-2013-4797

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1690...

CVE-2013-4798

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705...

CVE-2013-4799

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1734...

CVE-2013-4800

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735...

CVE-2013-4801

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1736...

CVE-2013-4801

CVE-2013-4801 is linked to HP LoadRunner before 11.52 and is tied to the lrLRIServices ActiveX control. The connected documents show a remote code-execution flaw in the ActiveX control’s handling of input to the output directory mutator, exploitable by persuading a user to open a crafted page or ...

CVE-2013-4800

CVE-2013-4800 affects HP LoadRunner (pre-11.52). The vulnerability is tied to the LoadRunner agent process magentproc.exe and is described as a stack buffer overflow during SSL communication, caused by insufficient validation of a length value. A remote, unauthenticated attacker could exploit thi...

CVE-2013-4799

HP LoadRunner CVE-2013-4799 is a remote code execution flaw in HP LoadRunner before v11.52. The root cause is an insufficient check on the length value of XDR-encoded data in an incoming request, leading to a heap buffer overflow. An unauthenticated remote attacker could exploit this to run arbit...

CVE-2013-4798

HP LoadRunner prior to 11.52 is vulnerable via the lrFileIOService ActiveX WriteFileString method, which does not sanitize input and allows a remote attacker to write files (directory traversal) potentially enabling code execution. The issue affects Windows platforms and has been addressed by upg...

CVE-2013-4797

HP LoadRunner vulnerability CVE-2013-4797 involves the LrWebIEBrowserMgr.dll ActiveX control. The ZDI advisory (ZDI-13-206) details a remote code execution flaw in the FlushSnapshotToFile method of this control, where improperDestinationPath sanitization enables directory traversal and arbitrary ...

CVE-2013-2370

CVE-2013-2370 concerns HP LoadRunner prior to 11.52. Public records in connected sources indicate an unspecified vulnerability that allows remote code execution via unknown vectors (aka ZDI-CAN-1671). Several connected entries reference the vulnerability in the context of the lrFileIOService Acti...

CVE-2013-2369

HP LoadRunner before 11.52 is affected by CVE-2013-2369. The vulnerability is tied to the lrFileIOService ActiveX control CreateFileCont, which allows remote code execution and requires user interaction (visiting a malicious page or opening a malicious file). Affected product/versions: HP LoadRun...

CVE-2013-2368

HP LoadRunner before 11.52 is affected by CVE-2013-2368 through the micWebAjax.dll ActiveX NotifyEvent method. The vulnerability causes stack corruption via user-supplied input, enabling remote code execution when a user visits a crafted page or opens a malicious file. Exploitation requires user ...

CVE-2013-2370

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671...

Hewlett-Packard LoadRunner lrFileIOService ActiveX Control WriteFileBinary Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP LoadRunner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the lrFileIOServic...

Hewlett-Packard LoadRunner Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP LoadRunner. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of connections using SSL. The issue lies in the failure to validate the...

HP LoadRunner security vulnerabilities

Few different buffer overflows...

[security bulletin] HPSBMU02785 SSRT100526 rev.2 - HP LoadRunner Running on Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03216705 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03216705 Version: 2 HPSBMU02785...

HP LoadRunner < 11.00 Patch 4 Code Execution (intrusive check)

The version of HP LoadRunner hosted on the remote Windows host is potentially affected by a code execution vulnerability. The application fails to properly handle incoming packets with '0x00000000' as the first 32-bit value. A remote, unauthenticated attacker, exploiting this flaw, could execute...

HP LoadRunner Detect

HP LoadRunner, an application for testing software performance, is installed on the remote Windows host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid59717; scriptversion"1.14"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/10/10";...