OSVDB: Open Sourced Vulnerability Database

Creditee: Sebastian Apelt

Known Contact Information:

(as of 2005-05-24)
(as of 2005-11-18)
(as of 2007-07-18)
(as of 2010-10-18)

Known Affiliations:

iDefense Labs VCP (as of 2005-05-24)
Zero Day Initiative (ZDI) (as of 2005-11-18)
siberas (as of 2010-03-25)

Disclosed Vulnerabilities (53):

Disc. Date	OSVDB ID	CVEID	Title
2012-05-15	81944	2012-2411	RealPlayer RealJukebox Media Parser Remote Overflow
2011-08-19	74597	2011-2735	EMC AutoStart Multiple TCP Message Parsing Overflow
2011-06-15	73033	2011-2109	Adobe Shockwave Player Dirapi.dll Component Multiple Unspecified Integer Overflows
2011-06-15	73034	2011-2121	Adobe Shockwave Player AudioMixer.x32 Module Director Movie File Mixer Structure Parsing Remote Code Execution
2011-06-14	73013	2011-2120	Adobe Shockwave Player Cursor Asset.x32 Module Director Movie File Cursor Structure Parsing Remote Code Execution
2011-02-08	71383	2011-0598	Adobe Reader / Acrobat ACE.dll ICC Parsing Overflow
2011-02-08	70840	2011-0758	CA Secure Content Manager ECSQdmn.exe DWORD Overflow
2010-12-10	69851	2010-4391	RealPlayer Multiple Products RMX File Unspecified Header Field Overflow
2010-12-10	69852	2010-4392	RealPlayer Multiple Products RealMedia File Crafted ImageMap Data Overflow
2010-10-18	68706	2010-4070	IBM Informix Dynamic Server portmap.exe librpc.dll Crafted RPC Packet Remote Overflow
2010-10-15	68676	2010-3750	RealPlayer Multiple Products rjrmrpln.dll Media File Logical Stream Name Value Property Element Arbitrary Code Execution
2010-10-13	68558	2010-2741	Microsoft Windows OpenType Malformed Font Validation Remote Code Execution
2010-10-12	68553	2010-1883	Microsoft Windows t2embed.dll Embedded OpenType Font Parsing hdmx Record Parsing Overflow
2010-10-05	68421	2010-3621	Adobe Reader / Acrobat ACE.dll ICC Stream Handling Memory Corruption
2010-10-05	68422	2010-3622	Adobe Reader / Acrobat ACE.dll ICC Stream mluc Structure Handling Memory Corruption
2010-09-28	68394	2010-3754	IBM Tivoli Storage Manager (TSM) FastBack Server FastBackServer.exe FXCLI_OraBR_Exec_Command Function Arbitrary Code Execution
2010-09-28	68395	2010-3755	IBM Tivoli Storage Manager (TSM) FastBack Server FastBackServer.exe _DAS_ReadBlockReply Function Remote DoS
2010-09-28	68396	2010-3756	IBM Tivoli Storage Manager (TSM) FastBack Server FastBackServer.exe _CalcHashValueWithLength Function Remote DoS
2010-09-27	68397	2010-3757	IBM Tivoli Storage Manager (TSM) FastBack Server FastBackServer.exe _Eventlog Function Format String Arbitrary Code Execution
2010-09-27	68398	2010-3758	IBM Tivoli Storage Manager (TSM) FastBack Server FastBackServer.exe Multiple Function Overflows
2010-09-27	68399	2010-3759	IBM Tivoli Storage Manager (TSM) FastBack Mount Service FastBackMount.exe UDP Packet Field Multiple Request Arbitrary Code Execution
2010-08-26	67732	2010-3000	RealPlayer Multiple Products FLV File ParseKnownType Function Multiple Overflows
2010-03-25	63237	2010-2672	eZ Publish Search Functionality Multiple Parameter SQL Injection
2010-03-25	63238	2010-2672	eZ Publish Advancedsearch Functionality SearchContentClassAttributeID Parameter SQL Injection
2010-03-25	63239	2010-2671	eZ Publish advancedsearch.php subTreeItem Parameter XSS
2010-03-01	62783	2009-2753 2009-2754	IBM Informix Dynamic Server portmap.exe librpc.dll Authentication Functionality Multiple Overflows
2010-03-01	65507	2009-2753 2009-2754	EMC Networker portmap.exe librpc.dll Authentication Functionality Multiple Overflows
2009-06-01	54876	2009-0953	Apple QuickTime PICT Image Opcode 0x8201 Handling Overflow
2009-05-12	54452	2009-0010	Apple Mac OS X QuickDraw Manager PICT Opcode 0x71 Handling Overflow
2009-04-28	54158	2009-1430	Symantec Multiple Products Intel Alert Originator Service (IAO.EXE) memcpy() Function Remote Overflow
2008-12-03	50517	2008-5357	Sun Java JDK / JRE TrueType Font Processing Integer Overflow
2008-10-04	50237	2008-4480 2008-4478	Novell eDirectory dhost.exe Netware Core Protocol Multiple Opcode Message Remote Overflow
2008-07-04	46708	2008-3159	Novell eDirectory ds.dlm Crafted Packet Handling Remote Overflow
2008-06-10	46083	2008-1442	Microsoft IE HTML Object Handling Memory Corruption Arbitrary Code Execution
2008-06-04	46013	2008-2541	CA Secure Content Manager HTTP Gateway Service (icihttp.exe) LIST Command Response Handling Overflow
2008-04-08	44214	2008-1083	Microsoft Windows GDI WMF Handling CreateDIBPatternBrushPt Function Overflow
2008-02-20	41978	2008-0638	Symantec Veritas Storage Foundation Administrator Service (vxsvc.exe) Remote Overflow
2008-02-12	41539	2007-6149	Adobe Flash Media / Connect Enterprise Edge Server Real Time Message Protocol (RTMP) Message Overflow
2008-01-10	40353	2008-0247	IBM Tivoli Storage Manager (TSM) Express Backup Server service (dsmsvc.exe) Packet Handling Remote Overflow
2007-09-20	38161	2007-4880	IBM Tivoli Storage Manager (TSM) Client Client Acceptor Daemon (CAD, dsmcad.exe) Remote Overflow
2007-09-07	45878	2007-4731	Trend Micro ServerProtect TMReg.dll TMregChange Function Remote Overflow
2007-07-24	37698	2007-3302	CA eTrust Intrusion Detection CallCode ActiveX (caller.dll) Arbitrary Code Execution
2007-07-18	36221	2007-2795	Ipswitch IMail Imailsec.dll Authentication Overflow
2007-03-09	36222	2007-2795	Ipswitch IMail IMAP SUBSCRIBE Command Overflow
2006-12-13	31335	2006-6222	Symantec Veritas NetBackup bpcd daemon (bpcd.exe) Malformed Length Prefix Arbitrary Code Execution
2006-12-13	31336	2006-5822	Symantec Veritas NetBackup bpcd daemon (bpcd.exe) CONNECT_OPTIONS Remote Overflow
2006-03-27	24171	2006-0990	VERITAS NetBackup Catalog Daemon (bpdbm.exe) Unspecified Remote Overflow
2006-03-27	24172	2006-0989	VERITAS NetBackup Volume Manager Daemon (vmd.exe) Unspecified Remote Overflow
2006-02-10	23121	2005-2712	IBM Lotus Domino Server nldap.exe Long String NULL Dererence DoS
2005-12-06	21499	2005-2923	Ipswitch IMail Server IMAP LIST Command Remote Overflow DoS
2005-11-18	20956	2005-3314	Novell NetMail IMAP Service Verb Argument Remote Overflow
2005-06-22	17626	2005-0772	VERITAS Backup Exec Agent NDMLSRVR.DLL Remote DoS
2005-05-24	16807	2005-1254	Ipswitch IMail IMAP SELECT Command Remote DoS

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.