CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2009-3693

Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.674

EPSS Ranking 98.5%

CVSS Severity

CVSS v2 Score 9.3

References

http://retrogod.altervista.org/9sg_hp_loadrunner.html
http://secunia.com/advisories/36898
http://retrogod.altervista.org/9sg_hp_loadrunner.html
http://secunia.com/advisories/36898

Products affected by CVE-2009-3693

Hp » Loadrunner » Version: 9.5

cpe:2.3:a:hp:loadrunner:9.5
Persits » Xupload » Version: 2.0

cpe:2.3:a:persits:xupload:2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-3693

Products

Pricing

Contact Us