HP Mercury Quality Center multiple security vulnerabilities
Updated since 03.04.2007
Published: 13.04.2007
Source:
SecurityVulns ID: 7524
Type: remote
Threat Level: 5/10
Description: SQL injection, ActiveX buffer overflow
Affected: HP: Mercury Quality Center 9.0
CVE: CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method.)
 CVE-2007-1819 (Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 in TestDirector (TD) for Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32, allows remote attackers to execute arbitrary code via a long ProgColor property.)
Original document: HP, [security bulletin] HPSBGN02199 SSRT071312 rev.1 - Mercury Quality Center ActiveX, Remote Unauthorized Arbitrary Code Execution (13.04.2007)
 Isma Khan, [Full-disclosure] HP Mercury Quality Center Any SQL execution (03.04.2007)
 IDEFENSE, iDefense Security Advisory 04.02.07: Hewlett-Packard Mercury Quality Center ActiveX Control ProgColor Buffer Overflow Vulnerability (03.04.2007)
Files: POC exploit for Mercury Quality Center Spider90.ocx ProgColor Overflow
 HP Mercury Quality Center runQuery exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod