Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 06/04/2007 Updated: 29/07/2017

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 655

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hp mercury quality center 9.0

#!/usr/bin/perl #****************************************************************** # HP Mercury Quality Center runQuery exploit # Run whatever SQL you want on there db - without SQL injection # Problem is client can do "RunQuery" command os we write program # to do this Client can lots other things it should not also! # The backend database can ...

NVD-CWE-Other http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053406.html http://www.securitytracker.com/id?1017842 http://secunia.com/advisories/24730 http://securityreason.com/securityalert/2527 http://osvdb.org/34630 http://www.vupen.com/english/advisories/2007/1246 https://exchange.xforce.ibmcloud.com/vulnerabilities/33385 https://nvd.nist.gov https://www.exploit-db.com/exploits/3654/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-1882

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect