Summary
| Detail | |||
|---|---|---|---|
| Vendor | Hp | First view | 2010-05-07 |
| Product | Loadrunner | Last view | 2018-02-15 |
| Version | 9.10 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:hp:loadrunner | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.4 | 2018-02-15 | CVE-2017-8953 | A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v12.53 and earlier and HPE Performance Center version v12.53 and earlier was found. |
| 9.8 | 2017-10-11 | CVE-2017-5789 | HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow. |
| 8.6 | 2016-09-20 | CVE-2016-4384 | HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors. |
| 4.6 | 2015-09-15 | CVE-2015-5426 | Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756. |
| 10 | 2014-04-19 | CVE-2013-6213 | Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833. |
| 7.5 | 2013-11-04 | CVE-2013-4839 | Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1851. |
| 10 | 2013-11-04 | CVE-2013-4838 | Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1850. |
| 10 | 2013-11-04 | CVE-2013-4837 | Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832. |
| 7.5 | 2013-07-29 | CVE-2013-4801 | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1736. |
| 9.3 | 2013-07-29 | CVE-2013-4800 | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735. |
| 7.6 | 2013-07-29 | CVE-2013-4799 | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1734. |
| 10 | 2013-07-29 | CVE-2013-4798 | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705. |
| 7.5 | 2013-07-29 | CVE-2013-4797 | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1690. |
| 7.5 | 2013-07-29 | CVE-2013-2370 | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671. |
| 7.5 | 2013-07-29 | CVE-2013-2369 | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1670. |
| 5 | 2013-07-29 | CVE-2013-2368 | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to cause a denial of service via unknown vectors, aka ZDI-CAN-1669. |
| 10 | 2010-05-07 | CVE-2010-1549 | Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 50% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
SAINT Exploits
| Description | Link |
|---|---|
| HP LoadRunner lrFileIOService ActiveX Control WriteFileBinary Input Validation Error | More info here |
| HP LoadRunner lrFileIOService ActiveX WriteFileString Method Traversal Vulnerability | More info here |
| HP LoadRunner Virtual User Generator EmulationAdmin service directory traversal | More info here |
| HP LoadRunner micWebAjax.dll ActiveX NotifyEvent Method Vulnerability | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 64437 | HP Mercury LoadRunner Agent magentproc.exe Remote Arbitrary Code Execution |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0206 | HP LoadRunner Local Code Execution Vulnerability Severity: Category I - VMSKEY: V0061355 |
| 2013-A-0207 | Multiple Vulnerabilities in HP LoadRunner Severity: Category I - VMSKEY: V0041646 |
| 2013-A-0149 | Multiple Vulnerabilities in HP LoadRunner Severity: Category I - VMSKEY: V0039817 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2018-02-14 | HP LoadRunner remote command execution attempt RuleID : 45440 - Type : SERVER-OTHER - Revision : 2 |
| 2016-03-24 | HP LoadRunner ActiveX function call access attempt RuleID : 37827 - Type : BROWSER-PLUGINS - Revision : 1 |
| 2016-03-24 | HP LoadRunner ActiveX function call access attempt RuleID : 37826 - Type : BROWSER-PLUGINS - Revision : 1 |
| 2016-03-14 | HP LoadRunner ActiveX clsid access attempt RuleID : 36119 - Type : BROWSER-PLUGINS - Revision : 3 |
| 2016-03-14 | HP LoadRunner ActiveX clsid access attempt RuleID : 36118 - Type : BROWSER-PLUGINS - Revision : 3 |
| 2016-03-14 | HP LoadRunner ActiveX clsid access attempt RuleID : 36117 - Type : BROWSER-PLUGINS - Revision : 3 |
| 2016-03-14 | HP LoadRunner ActiveX clsid access attempt RuleID : 36116 - Type : BROWSER-PLUGINS - Revision : 3 |
| 2015-02-11 | HP LoadRunner ActiveX clsid access attempt RuleID : 33014 - Type : BROWSER-PLUGINS - Revision : 7 |
| 2015-02-11 | HP LoadRunner ActiveX clsid access attempt RuleID : 33013 - Type : BROWSER-PLUGINS - Revision : 7 |
| 2015-02-11 | HP LoadRunner stack buffer overflow attempt RuleID : 32996 - Type : SERVER-OTHER - Revision : 7 |
| 2014-03-29 | HP LoadRunner XDR handling heap buffer overflow RuleID : 29952 - Type : SERVER-OTHER - Revision : 2 |
| 2014-01-18 | HP LoadRunner Virtual User Generator EmulationAdmin directory traversal attempt RuleID : 29019 - Type : SERVER-WEBAPP - Revision : 7 |
| 2014-01-18 | HP LoadRunner Virtual User Generator EmulationAdmin getReport SQL injection a... RuleID : 29018 - Type : SERVER-WEBAPP - Revision : 8 |
| 2014-01-18 | HP LoadRunner Virtual User Generator EmulationAdmin directory traversal attempt RuleID : 29017 - Type : SERVER-WEBAPP - Revision : 8 |
| 2014-01-10 | HP LoadRunner WriteFileString ActiveX function call attempt RuleID : 27872 - Type : BROWSER-PLUGINS - Revision : 10 |
| 2014-01-10 | HP LoadRunner WriteFileString ActiveX function call attempt RuleID : 27871 - Type : BROWSER-PLUGINS - Revision : 10 |
| 2014-01-10 | HP LoadRunner WriteFileString ActiveX function call attempt RuleID : 27870 - Type : BROWSER-PLUGINS - Revision : 9 |
| 2014-01-10 | HP LoadRunner WriteFileString ActiveX function call attempt RuleID : 27869 - Type : BROWSER-PLUGINS - Revision : 9 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2017-03-22 | Name: An application installed on the remote Windows host is affected by a remote c... File: hp_loadrunner_HPESBGN03712.nasl - Type: ACT_GATHER_INFO |
| 2017-03-22 | Name: A software performance testing application installed on the remote Windows ho... File: hp_performance_center_HPESBGN03712.nasl - Type: ACT_GATHER_INFO |
| 2017-03-06 | Name: An application installed on the remote Windows host is affected by a denial o... File: hp_loadrunner_HPSBGN03648.nasl - Type: ACT_GATHER_INFO |
| 2016-09-30 | Name: A software performance testing application installed on the remote Windows ho... File: hp_performance_center_12_53.nasl - Type: ACT_GATHER_INFO |
| 2015-09-03 | Name: The remote Windows host has an application installed that is affected by a lo... File: hp_loadrunner_HPSBMU03339.nasl - Type: ACT_GATHER_INFO |
| 2013-11-09 | Name: The remote Windows host has an application that is affected by multiple vulne... File: hp_loadrunner_11_52_1.nasl - Type: ACT_GATHER_INFO |
| 2013-08-16 | Name: The remote host has an ActiveX control installed that is affected by an arbit... File: hp_loadrunner_lriservices_activex.nasl - Type: ACT_GATHER_INFO |
| 2010-05-07 | Name: It is possible to execute arbitrary commands on the remote system. File: loadrunner_agent_remote_command_execution.nasl - Type: ACT_ATTACK |
| 2007-02-13 | Name: The remote server is affected by a buffer overflow vulnerability. File: loadrunner_agent_server_ip_name_overflow.nasl - Type: ACT_ATTACK |
