Unrated severityNVD Advisory· Published Oct 13, 2009· Updated Apr 23, 2026

CVE-2009-3693

Description

Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.

Affected products

Persits/Xupload
cpe:2.3:a:persits:xupload:2.0:*:*:*:*:*:*:*
HP/Loadrunner
cpe:2.3:a:hp:loadrunner:9.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

retrogod.altervista.org/9sg_hp_loadrunner.htmlnvdExploit
secunia.com/advisories/36898nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.057
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000