Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for testdirector by hp

    CVE-2007-5289 (GCVE-0-2007-5289)

    Vulnerability from nvd – Published: 2009-02-24 17:00 – Updated: 2024-08-07 15:24
    VLAI
    Summary
    HP Mercury Quality Center (QC) 9.2 and earlier, and possibly TestDirector, relies on cached client-side scripts to implement "workflow" and decisions about the "capability" of a user, which allows remote attackers to execute arbitrary code via crafted use of the Open Test Architecture (OTA) API, as demonstrated by modifying (1) common.tds, (2) defects.tds, (3) manrun.tds, (4) req.tds, (5) testlab.tds, or (6) testplan.tds in %tmp%\TD_80, and then setting the file's properties to read-only.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/34046 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/501177/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/33854 vdb-entryx_refsource_BID
    http://secunia.com/advisories/34015 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.kb.cert.org/vuls/id/898865 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/501219/100… mailing-listx_refsource_BUGTRAQ
    http://blogs.exposit.co.uk/2009/02/23/vulnerabili… x_refsource_MISC
    Date Public
    2009-02-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:24:42.477Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "34046",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34046"
              },
              {
                "name": "20090223 HP Quality Center vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/501177/100/0/threaded"
              },
              {
                "name": "33854",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33854"
              },
              {
                "name": "34015",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34015"
              },
              {
                "name": "hpqualitycenter-workflowscripts-sec-bypass(48860)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48860"
              },
              {
                "name": "VU#898865",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/898865"
              },
              {
                "name": "20090224 Re: HP Quality Center vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/501219/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blogs.exposit.co.uk/2009/02/23/vulnerability-in-quality-center/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-02-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HP Mercury Quality Center (QC) 9.2 and earlier, and possibly TestDirector, relies on cached client-side scripts to implement \"workflow\" and decisions about the \"capability\" of a user, which allows remote attackers to execute arbitrary code via crafted use of the Open Test Architecture (OTA) API, as demonstrated by modifying (1) common.tds, (2) defects.tds, (3) manrun.tds, (4) req.tds, (5) testlab.tds, or (6) testplan.tds in %tmp%\\TD_80, and then setting the file\u0027s properties to read-only."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "34046",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34046"
            },
            {
              "name": "20090223 HP Quality Center vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/501177/100/0/threaded"
            },
            {
              "name": "33854",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33854"
            },
            {
              "name": "34015",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34015"
            },
            {
              "name": "hpqualitycenter-workflowscripts-sec-bypass(48860)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48860"
            },
            {
              "name": "VU#898865",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/898865"
            },
            {
              "name": "20090224 Re: HP Quality Center vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/501219/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blogs.exposit.co.uk/2009/02/23/vulnerability-in-quality-center/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5289",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HP Mercury Quality Center (QC) 9.2 and earlier, and possibly TestDirector, relies on cached client-side scripts to implement \"workflow\" and decisions about the \"capability\" of a user, which allows remote attackers to execute arbitrary code via crafted use of the Open Test Architecture (OTA) API, as demonstrated by modifying (1) common.tds, (2) defects.tds, (3) manrun.tds, (4) req.tds, (5) testlab.tds, or (6) testplan.tds in %tmp%\\TD_80, and then setting the file\u0027s properties to read-only."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "34046",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34046"
                },
                {
                  "name": "20090223 HP Quality Center vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/501177/100/0/threaded"
                },
                {
                  "name": "33854",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33854"
                },
                {
                  "name": "34015",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34015"
                },
                {
                  "name": "hpqualitycenter-workflowscripts-sec-bypass(48860)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48860"
                },
                {
                  "name": "VU#898865",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/898865"
                },
                {
                  "name": "20090224 Re: HP Quality Center vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/501219/100/0/threaded"
                },
                {
                  "name": "http://blogs.exposit.co.uk/2009/02/23/vulnerability-in-quality-center/",
                  "refsource": "MISC",
                  "url": "http://blogs.exposit.co.uk/2009/02/23/vulnerability-in-quality-center/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5289",
        "datePublished": "2009-02-24T17:00:00.000Z",
        "dateReserved": "2007-10-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:24:42.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5289 (GCVE-0-2007-5289)

    Vulnerability from cvelistv5 – Published: 2009-02-24 17:00 – Updated: 2024-08-07 15:24
    VLAI
    Summary
    HP Mercury Quality Center (QC) 9.2 and earlier, and possibly TestDirector, relies on cached client-side scripts to implement "workflow" and decisions about the "capability" of a user, which allows remote attackers to execute arbitrary code via crafted use of the Open Test Architecture (OTA) API, as demonstrated by modifying (1) common.tds, (2) defects.tds, (3) manrun.tds, (4) req.tds, (5) testlab.tds, or (6) testplan.tds in %tmp%\TD_80, and then setting the file's properties to read-only.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/34046 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/501177/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/33854 vdb-entryx_refsource_BID
    http://secunia.com/advisories/34015 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.kb.cert.org/vuls/id/898865 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/501219/100… mailing-listx_refsource_BUGTRAQ
    http://blogs.exposit.co.uk/2009/02/23/vulnerabili… x_refsource_MISC
    Date Public
    2009-02-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:24:42.477Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "34046",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34046"
              },
              {
                "name": "20090223 HP Quality Center vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/501177/100/0/threaded"
              },
              {
                "name": "33854",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33854"
              },
              {
                "name": "34015",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34015"
              },
              {
                "name": "hpqualitycenter-workflowscripts-sec-bypass(48860)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48860"
              },
              {
                "name": "VU#898865",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/898865"
              },
              {
                "name": "20090224 Re: HP Quality Center vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/501219/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blogs.exposit.co.uk/2009/02/23/vulnerability-in-quality-center/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-02-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HP Mercury Quality Center (QC) 9.2 and earlier, and possibly TestDirector, relies on cached client-side scripts to implement \"workflow\" and decisions about the \"capability\" of a user, which allows remote attackers to execute arbitrary code via crafted use of the Open Test Architecture (OTA) API, as demonstrated by modifying (1) common.tds, (2) defects.tds, (3) manrun.tds, (4) req.tds, (5) testlab.tds, or (6) testplan.tds in %tmp%\\TD_80, and then setting the file\u0027s properties to read-only."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "34046",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34046"
            },
            {
              "name": "20090223 HP Quality Center vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/501177/100/0/threaded"
            },
            {
              "name": "33854",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33854"
            },
            {
              "name": "34015",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34015"
            },
            {
              "name": "hpqualitycenter-workflowscripts-sec-bypass(48860)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48860"
            },
            {
              "name": "VU#898865",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/898865"
            },
            {
              "name": "20090224 Re: HP Quality Center vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/501219/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blogs.exposit.co.uk/2009/02/23/vulnerability-in-quality-center/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5289",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HP Mercury Quality Center (QC) 9.2 and earlier, and possibly TestDirector, relies on cached client-side scripts to implement \"workflow\" and decisions about the \"capability\" of a user, which allows remote attackers to execute arbitrary code via crafted use of the Open Test Architecture (OTA) API, as demonstrated by modifying (1) common.tds, (2) defects.tds, (3) manrun.tds, (4) req.tds, (5) testlab.tds, or (6) testplan.tds in %tmp%\\TD_80, and then setting the file\u0027s properties to read-only."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "34046",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34046"
                },
                {
                  "name": "20090223 HP Quality Center vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/501177/100/0/threaded"
                },
                {
                  "name": "33854",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33854"
                },
                {
                  "name": "34015",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34015"
                },
                {
                  "name": "hpqualitycenter-workflowscripts-sec-bypass(48860)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48860"
                },
                {
                  "name": "VU#898865",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/898865"
                },
                {
                  "name": "20090224 Re: HP Quality Center vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/501219/100/0/threaded"
                },
                {
                  "name": "http://blogs.exposit.co.uk/2009/02/23/vulnerability-in-quality-center/",
                  "refsource": "MISC",
                  "url": "http://blogs.exposit.co.uk/2009/02/23/vulnerability-in-quality-center/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5289",
        "datePublished": "2009-02-24T17:00:00.000Z",
        "dateReserved": "2007-10-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:24:42.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }