exploit the possibilities
Showing 1 - 3 of 3 RSS Feed

CVE-2013-4798

Status Candidate

Overview

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.

Related Files

HP LoadRunner lrFileIOService ActiveX WriteFileString Remote Code Execution
Posted Sep 4, 2013
Authored by juan vazquez, Brian Gorenc | Site metasploit.com

This Metasploit module exploits a vulnerability on the lrFileIOService ActiveX, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileString method, which allow the user to write arbitrary files. It's abused to drop a payload embedded in a dll, which is later loaded through the Init() method from the lrMdrvService control, by abusing an insecure LoadLibrary call. This Metasploit module has been tested successfully on IE8 on Windows XP. Virtualization based on the Low Integrity Process, on Windows Vista and 7, will stop this module because the DLL will be dropped to a virtualized folder, which isn't used by LoadLibrary.

tags | exploit, arbitrary, activex
systems | windows, xp, vista
advisories | CVE-2013-4798, OSVDB-95642
MD5 | 5f7630ca27a1c56598761f3e375ec40d
HP Security Bulletin HPSBGN02905 2
Posted Aug 22, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02905 2 - Potential security vulnerabilities have been identified with HP LoadRunner and HP Business Process Monitor (BPM). The vulnerabilities could be remotely exploited to allow execution of code or result in a Denial of Service (DoS). Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2013-2368, CVE-2013-2369, CVE-2013-2370, CVE-2013-4797, CVE-2013-4798, CVE-2013-4799, CVE-2013-4800, CVE-2013-4801
MD5 | e1b29cbcc235c564a68534716c986bd4
HP Security Bulletin HPSBGN02905
Posted Jul 25, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02905 - Potential security vulnerabilities have been identified with HP LoadRunner. The vulnerabilities could be remotely exploited to allow execution of code or result in a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2013-2368, CVE-2013-2369, CVE-2013-2370, CVE-2013-4797, CVE-2013-4798, CVE-2013-4799, CVE-2013-4800, CVE-2013-4801
MD5 | b2cf205493c8ebaea51737271a24652f
Page 1 of 1
Back1Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    15 Files
  • 14
    Apr 14th
    27 Files
  • 15
    Apr 15th
    19 Files
  • 16
    Apr 16th
    7 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close