Vulnerabilities > CVE-2015-6857 - Local Code Execution vulnerability in HP Loadrunner and Performance Center

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
hp
nessus
NVD
Published: 2015-11-26
Updated: 2016-12-07

Summary

Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138.

Vulnerable Configurations

Part Description Count
Application
Hp
10

Nessus

  • NASL familyGain a shell remotely
    NASL idHP_VTS_IMPORT_DB_RCE.NASL
    descriptionThe HP Virtual Table Server running on the remote host is affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this, via a malicious connection string or SQL command, to execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id88021
    published2016-01-20
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88021
    titleHP Virtual Table Server (VTS) Database Import RCE
  • NASL familyWindows
    NASL idHP_LOADRUNNER_VTS_RCE.NASL
    descriptionThe version of HP LoadRunner installed on the remote host is 11.52, 12.00, 12.01, 12.02, or 12.50. It is, therefore, affected by a remote code execution vulnerability in the Virtual Table Server (VTS). An unauthenticated, remote attacker can exploit this, via a malicious connection string or SQL command, to execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id87211
    published2015-12-05
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87211
    titleHP LoadRunner 11.52 / 12.00 / 12.01 / 12.02 / 12.50 Virtual Table Server RCE

References