28 matches found
CVE-2013-2370
CVE-2013-2370 concerns HP LoadRunner prior to 11.52. Public records in connected sources indicate an unspecified vulnerability that allows remote code execution via unknown vectors (aka ZDI-CAN-1671). Several connected entries reference the vulnerability in the context of the lrFileIOService Acti...
CVE-2013-2368
HP LoadRunner before 11.52 is affected by CVE-2013-2368 through the micWebAjax.dll ActiveX NotifyEvent method. The vulnerability causes stack corruption via user-supplied input, enabling remote code execution when a user visits a crafted page or opens a malicious file. Exploitation requires user ...
CVE-2010-1549
CVE-2010-1549 affects HP LoadRunner Agent (Windows) prior to v9.50 and HP Performance Center prior to v9.50. The vulnerability lies in the magentproc.exe TCP service (port 54345) where a crafted, unauthenticated packet can trigger remote code execution (context: SYSTEM). Publicly documented explo...
CVE-2013-4837
CVE-2013-4837 affects the HP LoadRunner Virtual User Generator (VUG) prior to version 11.52, enabling remote code execution via unknown vectors (ZDI-CAN-1832). Multiple connected advisories corroborate a broader EmulationAdmin exposure in HP LoadRunner 11.52-era deployments, including a directory...
CVE-2013-4798
HP LoadRunner prior to 11.52 is vulnerable via the lrFileIOService ActiveX WriteFileString method, which does not sanitize input and allows a remote attacker to write files (directory traversal) potentially enabling code execution. The issue affects Windows platforms and has been addressed by upg...
CVE-2011-0272
HP LoadRunner 9.52 is affected by a remote code execution vulnerability. The magentproc.exe process binds by default to TCP ports 5001/5002 (and additional ports per some advisories), blindly trusts a user-supplied value as an allocation size and copies data from a request into a heap buffer, ena...
CVE-2013-4799
CVE-2013-4799 is a remote code execution flaw in HP LoadRunner before v11.52. The root cause is an insufficient check on the length value of XDR-encoded data in an incoming request, leading to a heap buffer overflow. An unauthenticated remote attacker could exploit this to run arbit...
CVE-2011-2328
CVE-2011-2328 affects HP LoadRunner (Windows) where a buffer overflow can be triggered by a long .usr (Virtual User script) directive, potentially enabling remote arbitrary code execution or a DoS (daemon crash). The issue arises from handling oversized inputs in the script processing component. ...
CVE-2009-3693
CVE-2009-3693 involves a directory traversal in Persits.XUpload.2 ActiveX control (XUpload.ocx) shipped with HP LoadRunner 9.5. The flaw arises in the MakeHttpRequest method, where sequences like "..\" can cause arbitrary files to be created on the target. Public details describe this as a write-...
CVE-2015-2110
Affected software: HP LoadRunner 11.52. Vulnerability: Buffer overflow due to insufficient validation of a length value in SSL communication, enabling a remote unauthenticated attacker to execute arbitrary code in the LoadRunner process. Impact: Remote code execution with high impact (per CVSS ba...
CVE-2016-4359
CVE-2016-4359 involves a stack-based buffer overflow in mchan.dll of HPE LoadRunner/Performance Center. The flaw occurs when constructing a shared memory/file name or processing a long -server_name value, allowing an unauthenticated attacker to remotely execute arbitrary code. Affected products i...
CVE-2015-5426
HP LoadRunner Controller (pre-12.50) is affected by a stack-based buffer overflow while parsing .lrs scenario files, allowing local code execution in the context of the current user. HP’s security bulletin HPSBMU03339 rev.1 states only impacted versions are affected and recommends upgrading to HP...
CVE-2013-4801
CVE-2013-4801 is linked to HP LoadRunner before 11.52 and is tied to the lrLRIServices ActiveX control. The connected documents show a remote code-execution flaw in the ActiveX control’s handling of input to the output directory mutator, exploitable by persuading a user to open a crafted page or ...
CVE-2016-4360
The CVE-2016-4360 issue affects Hewlett Packard Enterprise LoadRunner/Performance Center components (notably the Virtual Table Server import_csv feature). The root cause is that web/admin/data.js in the VTS component does not restrict file paths sent to unlink, enabling an unauthenticated remote ...
CVE-2013-4838
HP LoadRunner Virtual User Generator (VUG) prior to 11.52 is affected by a remote code execution vulnerability (CVE-2013-4838) due to a directory traversal flaw in the EmulationAdmin service’s saveCodeRuleFile handling. Exploitation does not require authentication and can permit arbitrary file cr...
CVE-2017-5789
CVE-2017-5789 affects HP LoadRunner (before 12.53 Patch 4) and HP Performance Center (before 12.53 Patch 4). The root cause is a heap-based buffer overflow in the libxdrutil.dll mxdr_string function, due to insufficient validation of user data length. This leads to remote code execution without a...
CVE-2017-8953
CVE-2017-8953 describes a remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v12.53 and earlier and HPE Performance Center v12.53 and earlier. The root cause is improper input filtering of user-submitted content, allowing attacker-controlled input to be reflected in a vulnerable co...
CVE-2013-2369
HP LoadRunner before 11.52 is affected by CVE-2013-2369. The vulnerability is tied to the lrFileIOService ActiveX control CreateFileCont, which allows remote code execution and requires user interaction (visiting a malicious page or opening a malicious file). Affected product/versions: HP LoadRun...
CVE-2016-4361
CVE-2016-4361 affects HP LoadRunner and HP Performance Center. Multiple components (e.g., magentservice.exe) are vulnerable to remote denial of service via malformed requests (xdr_string handling) or related malformed packets, allowing a remote attacker to crash the service. Affected products/ver...
CVE-2013-4800
CVE-2013-4800 affects HP LoadRunner (pre-11.52). The vulnerability is tied to the LoadRunner agent process magentproc.exe and is described as a stack buffer overflow during SSL communication, caused by insufficient validation of a length value. A remote, unauthenticated attacker could exploit thi...
CVE-2015-6857
CVE-2015-6857 affects HP LoadRunner’s Virtual Table Server (VTS). The vulnerability enables remote code execution in VTS via unauthenticated access, with HP/Nessus/ZDI references detailing concrete vectors: HP LoadRunner VTS running 11.52, 12.00, 12.01, 12.02, or 12.50 is exploitable through a re...
CVE-2013-6213
CVE-2013-6213 affects HP LoadRunner's Virtual User Generator (VUG) prior to 11.52 Patch 1, as described by the NVD entry: an unspecified vulnerability in VUG allows remote code execution via unknown vectors. Related open-source/security feeds corroborate a remote code execution vulnerability in ...
CVE-2013-4839
CVE-2013-4839 is a vulnerability in HP LoadRunner’s Virtual User Generator (VUG) that enables remote code execution via the EmulationAdmin web service getReport endpoint. The ZDI advisory states the flaw arises from improper handling/sanitization of parameters in getReport, allowing a remote attacker to in...
CVE-2007-6530
CVE-2007-6530: Buffer overflow in Persits Software XUpload ActiveX control (AddFolder method) allows remote code execution via a long argument. Affected: XUpload 2.1.0.1 and likely earlier versions (pre-3.0). Products listed in description include HP Mercury LoadRunner and Groove Virtual Office....
CVE-2013-4797
HP LoadRunner vulnerability CVE-2013-4797 involves the LrWebIEBrowserMgr.dll ActiveX control. The ZDI advisory (ZDI-13-206) details a remote code execution flaw in the FlushSnapshotToFile method of this control, where improper DestinationPath sanitization enables directory traversal and arbitrary ...
CVE-2016-4384
CVE-2016-4384 applies to HPE LoadRunner and HP Performance Center prior to version 12.50. The vulnerability is a remote denial-of-service caused by improper handling of malformed packets in the mchan.dll component. Several connected sources (NVD entry, Nessus plugins) confirm a remote DoS impact ...
CVE-2016-8512
CVE-2016-8512 concerns a remote code execution vulnerability in all versions of HP LoadRunner and Performance Center via the MMS protocol. The connected sources identify a buffer overflow/RCE in the MMS handling (MMS Protocol Buffer Overflow) that can be exploited remotely by an unauthenticated attacker to exe...
CVE-2010-4028
Vulnerability CVE-2010-4028 affects HP LoadRunner Web Tours 9.10 and LoadRunner 9.1 and earlier. The issue is described as an unspecified vulnerability allowing remote denial of service, with potential for information disclosure or data modification via unknown vectors. HP’s Security Bulletin HPS...