What is CVE-2009-3693?

CVE-2009-3693 is a vulnerability in N/a. Published 2009-10-13.

Is CVE-2009-3693 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2009-3693

Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHt…

EPSS: 0.709 (98.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
ARPSyndicate/cve-scores

References

36898 (x_refsource_SECUNIA, third-party-advisory)
retrogod.altervista.org/9sg_hp_loadrunner.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2009-3693?: CVE-2009-3693 is a vulnerability in N/a. Published 2009-10-13.
Is CVE-2009-3693 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.