Showing 1 - 1 of 1

CVE-2016-4360

Status Candidate

Overview

web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555.

Related Files

HP Security Bulletin HPSBGN03609 1: Posted Jun 1, 2016; Authored by HP | Site hp.com; HP Security Bulletin HPSBGN03609 1 - Several potential security vulnerabilities have been identified in HPE LoadRunner and Performance Center. These vulnerabilities could be exploited remotely to allow code execution, and Denial of Service (DoS). Revision 1 of this advisory.; tags | advisory, denial of service, vulnerability, code execution; advisories | CVE-2016-4359, CVE-2016-4360, CVE-2016-4361; SHA-256 | 8dd85acecdc21de2b83763c45a87e794f9470dfbfb9e4a32c3ab4870e2d8c66f; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CVE-2016-4360

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems