Vulnerabilities > CVE-2013-6213 - Remote Code Execution vulnerability in HP LoadRunner Virtual User Generator
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 10 |
Nessus
NASL family | Windows |
NASL id | HP_LOADRUNNER_11_52_1.NASL |
description | The version of HP LoadRunner installed on the remote host is prior to 11.52 Patch 1. It is, therefore, affected by multiple vulnerabilities : - Flaws exist in the Virtual User Generator that allow directory traversal outside of a restricted path. These can be exploited by a remote attacker to create files with arbitrary content, thus leading to remote code execution. (CVE-2013-4837, CVE-2013-4838) - A SQL injection vulnerability exists in the Virtual User Generator that allows remote attackers to acquire sensitive information, modify data, or cause a denial of service. (CVE-2013-4839) - A flaw exists in the Virtual User Generator when handling multiple unspecified methods that allows a remote attacker to read, write, or delete arbitrary files, thus leading to information disclosure or the execution of arbitrary code. (CVE-2013-6213) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 70806 |
published | 2013-11-09 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/70806 |
title | HP LoadRunner < 11.52 Patch 1 Multiple Vulnerabilities |
Seebug
bulletinFamily | exploit |
description | Bugtraq ID:66961 CVE ID:CVE-2013-6213 HP LoadRunner是一款惠普公司开发的性能测试工具。 HP LoadRunner存在一个未明安全漏洞,允许远程攻击者利用漏洞执行任意代码。 0 HP LoadRunner 11.x HP LoadRunner v11.52 Patch 1版本已修复该漏洞,建议用户下载使用: https://www.hp.com/ |
id | SSV:62231 |
last seen | 2017-11-19 |
modified | 2014-04-21 |
published | 2014-04-21 |
reporter | Root |
title | HP LoadRunner Virtual User Generator远程代码执行漏洞 |