CVE-2009-3693
Persits Xupload - Path Traversal
Title source: ruleDescription
Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16598
exploitdb
WORKING POC
VERIFIED
by pyrokinesis · htmldoswindows
https://www.exploit-db.com/exploits/9806
metasploit
WORKING POC
EXCELLENT
by jduck · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/persits_xupload_traversal.rb
Scores
EPSS
0.7261
EPSS Percentile
98.8%
Details
CWE
CWE-22
Status
published
Products (2)
hp/loadrunner
9.5
persits/xupload
2.0
Published
Oct 13, 2009
Tracked Since
Feb 18, 2026