HP LoadRunner < 11.00 Patch 4 Code Execution Vulnerability

The version of HP LoadRunner installed on the remote Windows host is potentially affected by a code execution vulnerability. The application fails to properly handle incoming packets with '0x00000000' as the first 32-bit value. A remote, unauthenticated attacker, exploiting this flaw, could execu...

[security bulletin] HPSBMU02785 SSRT100526 rev.1 - HP LoadRunner Running on Windows, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03216705 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03216705 Version: 1 HPSBMU02785...

CVE-2011-4789

Stack-based buffer overflow in magentservice.exe in the server in HP LoadRunner 11.00 before patch 4 allows remote attackers to execute arbitrary code via a crafted size value in a packet. NOTE: it was originally reported that the affected product is HP Diagnostics Server, but HP states that "the...

Stack overflow

Stack-based buffer overflow in magentservice.exe in the server in HP LoadRunner 11.00 before patch 4 allows remote attackers to execute arbitrary code via a crafted size value in a packet. NOTE: it was originally reported that the affected product is HP Diagnostics Server, but HP states that "the...

CVE-2011-4789

Stack-based buffer overflow in magentservice.exe in the server in HP LoadRunner 11.00 before patch 4 allows remote attackers to execute arbitrary code via a crafted size value in a packet. NOTE: it was originally reported that the affected product is HP Diagnostics Server, but HP states that "the...

CVE-2011-4789

CVE-2011-4789 describes a stack-based buffer overflow in HP LoadRunner 11.00 before patch 4, via a crafted packet size to magentservice.exe, enabling remote code execution. HP notes the vulnerable product is actually LoadRunner (not Diagnostics Server). Public listings and advisories (ZDI-12-016)...

CVE-2011-2328

Buffer overflow in HP LoadRunner allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via a .usr aka Virtual User script file with long directives...

Buffer overflow

Buffer overflow in HP LoadRunner allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via a .usr aka Virtual User script file with long directives...

CVE-2011-2328

Buffer overflow in HP LoadRunner allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via a .usr aka Virtual User script file with long directives...

CVE-2011-2328

CVE-2011-2328 affects HP LoadRunner (Windows) where a buffer overflow can be triggered by a long .usr (Virtual User script) directive, potentially enabling remote arbitrary code execution or a DoS (daemon crash). The issue arises from handling oversized inputs in the script processing component. ...

HP LoadRunner buffer overflow vulnerability

Overview HP LoadRunner contains a buffer overflow vulnerability when parsing Virtual User script files. Description According to HP's website: HP LoadRunner software is the industry standard for performance validation. It allows you to prevent application performance problems by detecting...

HP LoadRunner Unspecified Arbitrary Remote Code Execution

The version of HP LoadRunner installed on the remote host reportedly blindly trusts user-supplied data as an allocation size and uses to copy data from a request packet into a statically allocated heap buffer. A remote attacker who is able to contact TCP ports 5001 or 5002 on the remote host can...

HP LoadRunner code execution

No description provided...

[security bulletin] HPSBMA02624 SSRT100195 rev.1 - HP LoadRunner, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02680678 Version: 1 HPSBMA02624 SSRT100195 rev.1 - HP LoadRunner, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soon as possible...

CVE-2011-0272

Unspecified vulnerability in HP LoadRunner 9.52 allows remote attackers to execute arbitrary code via network traffic to TCP port 5001 or 5002, related to the HttpTunnel feature...

Design/Logic Flaw

Unspecified vulnerability in HP LoadRunner 9.52 allows remote attackers to execute arbitrary code via network traffic to TCP port 5001 or 5002, related to the HttpTunnel feature...

CVE-2011-0272

Unspecified vulnerability in HP LoadRunner 9.52 allows remote attackers to execute arbitrary code via network traffic to TCP port 5001 or 5002, related to the HttpTunnel feature...

CVE-2011-0272

HP LoadRunner 9.52 is affected by a remote code execution vulnerability. The magentproc.exe process binds by default to TCP ports 5001/5002 (and additional ports per some advisories), blindly trusts a user-supplied value as an allocation size and copies data from a request into a heap buffer, ena...

HP Mercury Loadrunner Agent Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP LoadRunner. Authentication is not required to exploit this vulnerability. The specific flaw exists within the magentproc.exe process which binds by default on TCP ports 5001, 5002, 5003, 50500,...

Persits XUpload - ActiveX MakeHttpRequest Directory Traversal (Metasploit)

$Id: persitsxuploadtraversal.rb 10998 2010-11-11 22:43:22Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...