Russian Vulnerability Scanner Database

Back to List

CVE-2009-3693

Scores

EPSS

0.726medium72.6%
0%20%40%60%80%100%

Percentile: 72.6%

CVSS

9.3critical2.0
0246810

CVSS Score: 9.3/10

All CVSS Scores

CVSS 2.0
9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Description

Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via .. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

nvd

CWEs

CWE-22

Exploits

Exploit ID: 16598

Source: exploitdb

URL: https://www.exploit-db.com/exploits/16598

Exploit ID: 9806

Source: exploitdb

URL: https://www.exploit-db.com/exploits/9806

Vulnerable Software (2)

Type: Configuration

Vendor: *

Product: loadrunner

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:persits:xupload:2.0:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": "OR"    }...

Source: nvd

Type: Configuration

Vendor: *

Product: xupload

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:persits:xupload:2.0:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": "OR"    }...

Source: nvd

End of list