Lucene search
Andrea Micalizzi aka rgodZDI-13-259HistoryNov 24, 2013 - 12:00 a.m.
HP Virtual User Generator EmulationAdmin Service copyFileToServer Remote Code Execution Vulnerability
2013-11-2400:00:00
Andrea Micalizzi aka rgod
www.zerodayinitiative.com
11
0.946 High
EPSS
Percentile
99.3%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Virtual User Generator. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the EmulationAdmin web service. This service exposes the copyFileToServer method which contains a directory traversal flaw that allows attackers to create files at arbitrary locations with attacker controlled data. This can be leveraged by an attacker to gain remote code execution under the context of SYSTEM.
Related
packetstorm
packetstorm
HP LoadRunner EmulationAdmin Web Service Directory Traversal
2013-12-11 00:00:00
saint
saint
prion
prion
Security feature bypass
2013-11-04 16:55:00
nvd
nvd
CVE-2013-4837
2013-11-04 16:55:04
checkpoint_advisories
checkpoint_advisories
zdt
zdt
HP LoadRunner EmulationAdmin Web Service Directory Traversal
2013-12-11 00:00:00
cve
cve
CVE-2013-4837
2022-10-03 16:14:58
cvelist
cvelist
CVE-2013-4837
2022-10-03 16:14:58
securityvulns
securityvulns
[security bulletin] HPSBMU02935 rev.1 - HP LoadRunner Virtual User Generator, Remote Code Execution
2013-11-05 00:00:00
HP LoadRunner code execution
2013-11-05 00:00:00
nessus
nessus
HP LoadRunner < 11.52 Patch 1 Multiple Vulnerabilities
2013-11-09 00:00:00