----------------------------------------------------------------------

TITLE:
HP Mercury Quality Center "RunQuery()" Insecure Method

SECUNIA ADVISORY ID:
SA24730

VERIFY ADVISORY:
http://secunia.com/advisories/24730/

CRITICAL:
Less critical

IMPACT:
Manipulation of data

WHERE:
From local network

SOFTWARE:
HP Mercury Quality Center 9.x
http://secunia.com/product/13827/

DESCRIPTION:
Isma Khan has reported a vulnerability in HP Mercury Quality Center,
which can be exploited by malicious users to manipulate certain data.

The "RunQuery()" method can be invoked by any authenticated user via a
POST request to qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment and
used to execute certain SQL commands against the application database.
This can be exploited to e.g. delete users or update user information
in the USER table via specially crafted POST requests.

The vulnerability is reported in version 9.0 build 9.1.0.4352. Other
versions may also be affected.

SOLUTION:
Grant only trusted users access to the application. The advisory
references no vendor fix; restricting access is a workaround rather
than a patch, because the method stays reachable by every account
that can authenticate.

PROVIDED AND/OR DISCOVERED BY:
Isma Khan

ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053406.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link. Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------
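Because the only mitigation the advisory offers is to limit who can reach the application, an administrator needs to know which authenticated accounts are actually posting to the affected servlet. The following script is an added example, not part of the Secunia advisory or of HP's product: it parses web-server access-log lines in Combined Log Format (the sample lines are constructed, not captured from a real Quality Center host), counts successful POSTs to the qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment path per authenticated user, and reports any user not on a trusted list. It does not attempt to parse request bodies or identify RunQuery() calls, since the advisory does not describe the request format; the endpoint path is the only indicator it uses, so legitimate client traffic to that servlet will also be counted, and the output is an audit list to reconcile against the trusted-user list, not an alert.

```python
import re
from collections import Counter

# Constructed sample access-log lines (Combined Log Format). These are
# illustrative only and were not captured from a Quality Center server.
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Apr/2007:10:01:12 +0000] "POST /qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment HTTP/1.1" 200 512 "-" "Mozilla/4.0"
10.0.0.5 - alice [12/Apr/2007:10:01:15 +0000] "GET /qcbin/start_a.htm HTTP/1.1" 200 2048 "-" "Mozilla/4.0"
10.0.0.9 - bob [12/Apr/2007:10:03:40 +0000] "POST /qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment HTTP/1.1" 200 300 "-" "Mozilla/4.0"
10.0.0.9 - bob [12/Apr/2007:10:03:41 +0000] "POST /qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment HTTP/1.1" 200 300 "-" "Mozilla/4.0"
10.0.0.22 - - [12/Apr/2007:10:05:02 +0000] "POST /qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment HTTP/1.1" 401 0 "-" "curl/7.15"
10.0.0.22 - mallory [12/Apr/2007:10:05:07 +0000] "POST /qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment HTTP/1.1" 200 300 "-" "curl/7.15"
"""

# Servlet path named in the advisory as the entry point to RunQuery().
TARGET_PATH = "/qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment"

# Combined Log Format prefix: client, ident, authuser, timestamp,
# request line, status. The remaining fields are not needed here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def tdapi_posts_by_user(log_text):
    """Count successful (2xx) POSTs to the TDAPI servlet per authenticated user.

    Non-2xx responses are skipped: a request rejected by the server
    (e.g. 401 before authentication) cannot have reached RunQuery().
    """
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if rec["path"].split("?", 1)[0] != TARGET_PATH:
            continue
        if not rec["status"].startswith("2"):
            continue
        counts[rec["user"]] += 1
    return counts


def untrusted_callers(log_text, trusted_users):
    """Users who posted to the servlet but are not on the trusted list."""
    return {u: n for u, n in tdapi_posts_by_user(log_text).items()
            if u not in trusted_users}


if __name__ == "__main__":
    trusted = {"alice", "bob"}  # assumed trusted-user list for the demo
    for user, n in sorted(tdapi_posts_by_user(SAMPLE_LOG).items()):
        flag = "" if user in trusted else "  <-- not in trusted list"
        print(f"{user:10} {n:4}{flag}")
```

Feed it the real access log of the Quality Center web tier and the actual list of accounts that are meant to have access; every name that appears in the untrusted set is an account that could invoke RunQuery() and should be removed or have its access justified.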