CVE-2009-3693

Опубликовано: 13 окт. 2009

Источник: nvd

CVSS2: 9.3

EPSS Высокий

Описание

Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via .. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.

Ссылки

http://retrogod.altervista.org/9sg_hp_loadrunner.html
Exploit
http://secunia.com/advisories/36898
Vendor Advisory
http://retrogod.altervista.org/9sg_hp_loadrunner.html
Exploit
http://secunia.com/advisories/36898
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:persits:xupload:2.0:*:*:*:*:*:*:*

cpe:2.3:a:hp:loadrunner:9.5:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.72607

Высокий

9.3 Critical

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-r6hj-55cr-38hq

github

почти 4 года назад

Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.