Vulnerabilities > CVE-2013-4839 - Unspecified vulnerability in HP Loadrunner

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
hp
nessus
NVD
Published: 2013-11-04
Updated: 2024-11-21

Summary

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1851.

Vulnerable Configurations

Part Description Count
Application
Hp
8

Nessus

NASL familyWindows
NASL idHP_LOADRUNNER_11_52_1.NASL
descriptionThe version of HP LoadRunner installed on the remote host is prior to 11.52 Patch 1. It is, therefore, affected by multiple vulnerabilities : - Flaws exist in the Virtual User Generator that allow directory traversal outside of a restricted path. These can be exploited by a remote attacker to create files with arbitrary content, thus leading to remote code execution. (CVE-2013-4837, CVE-2013-4838) - A SQL injection vulnerability exists in the Virtual User Generator that allows remote attackers to acquire sensitive information, modify data, or cause a denial of service. (CVE-2013-4839) - A flaw exists in the Virtual User Generator when handling multiple unspecified methods that allows a remote attacker to read, write, or delete arbitrary files, thus leading to information disclosure or the execution of arbitrary code. (CVE-2013-6213)
last seen2020-06-01
modified2020-06-02
plugin id70806
published2013-11-09
reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/70806
titleHP LoadRunner < 11.52 Patch 1 Multiple Vulnerabilities

References