Lucene search
HistoryOct 03, 2022 - 4:23 p.m.
CVE-2009-3693
security
vulnerability
directory traversal
persits.xupload.2
activex control
xupload.ocx
hp loadrunner 9.5
cve-2009-3693
nvd
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
6.6 Medium
AI Score
Confidence
Low
0.901 High
EPSS
Percentile
98.8%
Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via .. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.
Affected configurations
Node
persitsxuploadMatch2.0
hploadrunnerMatch9.5
| CPE | Name | Operator | Version |
|---|---|---|---|
| persits:xupload | persits xupload | eq | 2.0 |
| hp:loadrunner | hp loadrunner | eq | 9.5 |
Related
saint
saint
HP LoadRunner XUpload ActiveX control MakeHttpRequest file download
2009-10-21 00:00:00
HP LoadRunner XUpload ActiveX control MakeHttpRequest file download
2009-10-21 00:00:00
HP LoadRunner XUpload ActiveX control MakeHttpRequest file download
2009-10-21 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_XUPLOAD2
2009-10-13 10:30:00
prion
prion
Directory traversal
2009-10-13 10:30:00
nvd
nvd
CVE-2009-3693
2009-10-13 10:30:00
cvelist
cvelist
CVE-2009-3693
2022-10-03 16:23:57
packetstorm
packetstorm
Persits XUpload ActiveX MakeHttpRequest Directory Traversal
2009-12-31 00:00:00
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
6.6 Medium
AI Score
Confidence
Low
0.901 High
EPSS
Percentile
98.8%
Related for CVE-2009-3693