Loadrunner Security Vulnerabilities - May
Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function.
7.7AI Score
0.92EPSS
Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via .. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.
6.6AI Score
0.932EPSS
Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors.
7.6AI Score
0.931EPSS
Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP LoadRunner 9.1 and earlier allows remote attackers to cause a denial of service, and possibly obtain sensitive information or modify data, via unknown vectors.
7AI Score
0.009EPSS
Unspecified vulnerability in HP LoadRunner 9.52 allows remote attackers to execute arbitrary code via network traffic to TCP port 5001 or 5002, related to the HttpTunnel feature.
7.8AI Score
0.813EPSS
Buffer overflow in HP LoadRunner allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a .usr (aka Virtual User script) file with long directives.
8.4AI Score
0.069EPSS
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to cause a denial of service via unknown vectors, aka ZDI-CAN-1669.
6.5AI Score
0.894EPSS
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1670.
7.9AI Score
0.931EPSS
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671.
7.6AI Score
0.963EPSS
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1690.
7.9AI Score
0.335EPSS
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.
7.6AI Score
0.964EPSS
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1734.
7.8AI Score
0.793EPSS
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735.
7.6AI Score
0.97EPSS
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1736.
7.8AI Score
0.335EPSS
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832.
7.6AI Score
0.954EPSS
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1850.
7.8AI Score
0.92EPSS
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1851.
6.8AI Score
0.03EPSS
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.
7.8AI Score
0.924EPSS
Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspecified vectors.
8.1AI Score
0.227EPSS
Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756.
6.5AI Score
0.007EPSS
Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138.
7.9AI Score
0.208EPSS
Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through pat...
9.8CVSS
9.8AI Score
0.317EPSS
web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through...
9.1CVSS
9.1AI Score
0.034EPSS
HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow remote attackers to...
7.5CVSS
7.7AI Score
0.012EPSS
HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors.
8.6CVSS
8.2AI Score
0.013EPSS
A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found.
9.8CVSS
9.6AI Score
0.015EPSS
HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow.
9.8CVSS
9.7AI Score
0.162EPSS
A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v12.53 and earlier and HPE Performance Center version v12.53 and earlier was found.
5.4CVSS
5.3AI Score
0.001EPSS