Loadrunner
by Microfocus
CVEs (27)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5789 | Cri | 0.65 | 9.8 | 0.18 | Oct 11, 2017 | HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow. | ||
| CVE-2016-4359 | Cri | 0.65 | 9.8 | 0.16 | Jun 8, 2016 | Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch… | ||
| CVE-2016-4360 | Cri | 0.60 | 9.1 | 0.09 | Jun 8, 2016 | web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through… | ||
| CVE-2016-4384 | Hig | 0.56 | 8.6 | 0.04 | Sep 21, 2016 | HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors. | ||
| CVE-2016-4361 | Hig | 0.49 | 7.5 | 0.08 | Jun 8, 2016 | HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow… | ||
| CVE-2010-1549 | 0.09 | — | 0.79 | May 7, 2010 | Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2013-4837 | 0.08 | — | 0.63 | Nov 4, 2013 | Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832. | |||
| CVE-2013-4798 | 0.08 | — | 0.68 | Jul 29, 2013 | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705. | |||
| CVE-2013-2370 | 0.08 | — | 0.63 | Jul 29, 2013 | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671. | |||
| CVE-2011-4789 | 0.08 | — | 0.65 | Jan 13, 2012 | Stack-based buffer overflow in magentservice.exe in the server in HP LoadRunner 11.00 before patch 4 allows remote attackers to execute arbitrary code via a crafted size value in a packet. NOTE: it was originally reported that the affected product is HP Diagnostics Server, but… | |||
| CVE-2013-4800 | 0.06 | — | 0.39 | Jul 29, 2013 | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735. | |||
| CVE-2009-3693 | 0.06 | — | 0.42 | Oct 13, 2009 | Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method. | |||
| CVE-2007-6530 | 0.06 | — | 0.37 | Dec 27, 2007 | Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder… | |||
| CVE-2015-2110 | 0.01 | — | 0.11 | May 25, 2015 | Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2013-6213 | 0.01 | — | 0.10 | Apr 19, 2014 | Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833. | |||
| CVE-2013-4838 | 0.01 | — | 0.11 | Nov 4, 2013 | Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1850. | |||
| CVE-2013-4801 | 0.01 | — | 0.08 | Jul 29, 2013 | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1736. | |||
| CVE-2013-4799 | 0.01 | — | 0.08 | Jul 29, 2013 | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1734. | |||
| CVE-2013-4797 | 0.01 | — | 0.06 | Jul 29, 2013 | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1690. | |||
| CVE-2013-2368 | 0.01 | — | 0.10 | Jul 29, 2013 | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to cause a denial of service via unknown vectors, aka ZDI-CAN-1669. |
- risk 0.65cvss 9.8epss 0.18
HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow.
- risk 0.65cvss 9.8epss 0.16
Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch…
- risk 0.60cvss 9.1epss 0.09
web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through…
- risk 0.56cvss 8.6epss 0.04
HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors.
- risk 0.49cvss 7.5epss 0.08
HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow…
- CVE-2010-1549May 7, 2010risk 0.09cvss —epss 0.79
Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors.
- CVE-2013-4837Nov 4, 2013risk 0.08cvss —epss 0.63
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832.
- CVE-2013-4798Jul 29, 2013risk 0.08cvss —epss 0.68
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.
- CVE-2013-2370Jul 29, 2013risk 0.08cvss —epss 0.63
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671.
- CVE-2011-4789Jan 13, 2012risk 0.08cvss —epss 0.65
Stack-based buffer overflow in magentservice.exe in the server in HP LoadRunner 11.00 before patch 4 allows remote attackers to execute arbitrary code via a crafted size value in a packet. NOTE: it was originally reported that the affected product is HP Diagnostics Server, but…
- CVE-2013-4800Jul 29, 2013risk 0.06cvss —epss 0.39
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735.
- CVE-2009-3693Oct 13, 2009risk 0.06cvss —epss 0.42
Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.
- CVE-2007-6530Dec 27, 2007risk 0.06cvss —epss 0.37
Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder…
- CVE-2015-2110May 25, 2015risk 0.01cvss —epss 0.11
Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspecified vectors.
- CVE-2013-6213Apr 19, 2014risk 0.01cvss —epss 0.10
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.
- CVE-2013-4838Nov 4, 2013risk 0.01cvss —epss 0.11
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1850.
- CVE-2013-4801Jul 29, 2013risk 0.01cvss —epss 0.08
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1736.
- CVE-2013-4799Jul 29, 2013risk 0.01cvss —epss 0.08
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1734.
- CVE-2013-4797Jul 29, 2013risk 0.01cvss —epss 0.06
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1690.
- CVE-2013-2368Jul 29, 2013risk 0.01cvss —epss 0.10
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to cause a denial of service via unknown vectors, aka ZDI-CAN-1669.
Page 1 of 2