OSVDB: Open Sourced Vulnerability Database

Creditee: Andrea Micalizzi aka rgod

Known Contact Information:

(as of 2010-12-15)

Known Affiliations:

rgod's Site (as of 2006-09-07)
Zero Day Initiative (ZDI) (as of 2010-12-15)
via Secunia (as of 2012-02-03)
Beyond Security's SecuriTeam Secure Disclosure (as of 2012-03-14)

Disclosed Vulnerabilities (107):

Disc. Date	OSVDB ID	CVEID	Title
2013-05-14	93317	2013-0096	Microsoft Windows Essentials Windows Writer Crafted URL Handling Arbitrary File Overwrite
2013-04-24	92717		F-Secure Multiple Products Unspecified ActiveX Control Arbitrary SQL Statement Execution
2013-03-07	91026	2012-5201	HP Intelligent Management Center mibFileUpload Servlet Unrestricted File Creation Remote Code Execution
2013-03-07	91029	2012-5204	HP Intelligent Management Center IctDownloadServlet Arbitrary File Access
2013-03-07	91031	2012-5206	HP Intelligent Management Center SyslogDownloadServlet Directory Traversal Remote Information Disclosure
2013-03-07	91032	2012-5207	HP Intelligent Management Center RssServlet XXE Remote Information Disclosure
2013-03-07	91033	2012-5208	HP Intelligent Management Center DownloadServlet Directory Traversal Remote Information Disclosure
2013-03-07	91034	2012-5209	HP Intelligent Management Center flexFileUpload Servlet File Upload Directory Traversal Remote Code Execution
2013-03-07	91035	2012-5210	HP Intelligent Management Center TACACS+ Authentication Manager tamServletDownload Servlet Remote Information Disclosure
2013-03-07	91036	2012-5211	HP Intelligent Management Center User Access Manager acmServletDownload Servlet Remote Information Disclosure
2013-03-07	91037	2012-5212	HP Intelligent Management Center JavaService Server / Monitoring Deployment Agent Communication Channel Issue
2013-03-07	91027	2012-5202	HP Intelligent Management Center FaultDownloadServlet Arbitrary File Access
2013-03-07	91028	2012-5203	HP Intelligent Management Center ReportImgServlet Arbitrary File Access
2013-03-07	91030	2012-5205	HP Intelligent Management Center DownloadReportSourceServlet Arbitrary File Access
2013-03-07	91038	2012-5213	HP Intelligent Management Center Unspecified Remote Information Disclosure (2012-5213)
2013-03-07	91119	2013-1081	Novell ZENworks Mobile Management MDM.php language Parameter Traversal Local File Inclusion
2013-03-07	91118	2013-1082	Novell ZENworks Mobile Management DUSAP.php language Parameter Traversal Local File Inclusion
2013-03-05	91137	2013-1079	Flexera AdminStudio / InstallShield ActiveX (ISProxy.dll ) Multiple Method DLL Loading Arbitrary Code Execution
2013-01-30	89700	2012-0439	Novell GroupWise Client ActiveX (gwcls1.dll) Multiple Method XPItem Pointer Handling Arbitrary Code Execution
2013-01-07	89030		Foxit Reader npFoxitReaderPlugin.dll URL Handling Stack Buffer Overflow
2012-12-20	88724	2012-4616	EMC Data Protection Advisor Web UI Traversal Arbitrary File Access
2012-11-16	87336		NetIQ Privileged User Manager (npum) Default Credentials
2012-11-15	87335		NetIQ Privileged User Manager (npum) modifyAccounts Method auth.dll pa_modify_accounts() Function Admin Password Manipulation
2012-11-15	87333		NetIQ Privileged User Manager (npum) regclnt.dll set_log_config() Function Arbitrary File Creation
2012-11-15	87334		NetIQ Privileged User Manager (npum) ldapagnt.dll ldapagnt_eval() Function Request Parsing Remote Code Execution
2012-11-15	88755	2012-5931	Novell NetIQ Privileged User Manager unifid.exe regclnt.dll set_log_config Function Traversal Arbitrary File Manipulation
2012-11-15	88756	2012-5930	Novell NetIQ Privileged User Manager unifid.exe auth.dll pa_modify_accounts Function Unauthenticated Remote Admin Password Manipulation
2012-11-15	88754	2012-5932	Novell NetIQ Privileged User Manager unifid.exe ldapagnt.dll ldapagnt_eval Function Arbitrary Perl Code Remote Execution
2012-09-20	85797	2012-3262	HP SiteScope SOAP Feature Unspecified Remote Code Execution (2012-3262)
2012-09-20	85794	2012-3259	HP SiteScope SOAP Feature Unspecified Remote Code Execution (2012-3259)
2012-09-20	85795	2012-3260	HP SiteScope SOAP Feature Unspecified Remote Code Execution (2012-3260)
2012-09-20	85796	2012-3261	HP SiteScope SOAP Feature Unspecified Remote Code Execution (2012-3261)
2012-09-20	85798	2012-3263	HP SiteScope SOAP Feature Unspecified Remote Code Execution (2012-3263)
2012-09-20	85799	2012-3264	HP SiteScope SOAP Feature Unspecified Remote Code Execution (2012-3264)
2012-08-29	85152		HP Application Lifecycle Management XGO.ocx ActiveX SetShapeNodeType() Method Arbitrary File Manipulation Remote Code Execution
2012-08-29	85539		Flexera AdminStudio / InstallShield ISGrid.dll ActiveX DoFindReplace() Method Memory Corruption
2012-08-29	85061		HP Operations Orchestration RSScheduler JDBC Component Unspecified SQL Injection
2012-08-29	85059		HP Application Lifecycle Management XGO.ocx ActiveX CopyToFile() Method Arbitrary File Overwrite
2012-08-23	85014	2012-2289	EMC ApplicationXtender Multiple ActiveX Control Multiple Method Traversal Arbitrary File Upload
2012-08-07	85087		Oracle Business Transaction Management Server FlashTunnelService WriteToFile Multiple Function Arbitrary File Creation
2012-08-06	84493		AOL downloadUpdater2 Plugin for Firefox embed Element src Attribute Handling Overflow
2012-06-28	83399	2012-3811	Avaya IP Office Customer Call Reporter ImageUpload.ashx File Upload Remote Code Execution
2012-06-26	83311	2012-2516	General Electric (GE) Intelligent Platforms Multiple Product KeyHelp.ocx ActiveX Remote Command Execution
2012-06-21	83087		AOL dnUpdater ActiveX dnu.exe Init() Method Function Pointer Remote Code Execution
2012-05-25	84891	2012-4599	McAfee SmartFilter Administration SFAdminSrv.exe JBoss RMI Authentication Weakness Request Parsing Arbitrary WAR File Execution
2012-05-22	82150	2012-0294	Symantec Endpoint Protection Unspecified Traversal Arbitrary File Deletion
2012-05-22	82151	2012-0295	Symantec Endpoint Protection Unspecified Remote File Inclusion
2012-05-10	81832	2012-2052	Adobe Photoshop U3D.8bi Plugin Collada (.dae) Asset Element Handling Remote Overflow
2012-04-30	81657	2012-4598	McAfee Virtual Technician MVTControl ActiveX mvt.dll GetObject() Method Remote Command Execution
2012-04-19	81443	2012-0708	IBM Rational ClearQuest RegisterSchemaRepoFromFileByDbSet() Function ActiveX (cqole.dll) Website Handling Remote Overflow
2012-04-05	80972		Quest vWorkspace Connection Broker Client ActiveX (pnllmcli.dll) SaveMiniLaunchFile() Method Arbitrary File Overwrite
2012-04-05	80973		Quest Toad for Oracle Explain Plan Display ActiveX (QExplain2.dll) SaveToFile Method Traversal Arbitrary File Overwrite
2012-03-29	80662	2012-5896	Quest InTrust ActiveX (AnnotateX.dll) Add() Method Remote Code Execution
2012-03-29	80661	2012-4876	TRENDnet SecurView TV-IP121WN ActiveX (UltraMJCamX.ocx) OpenFileDlg Method WideCharToMultiByte() Call Remote Overflow
2012-03-28	80663	2012-5306	D-Link SecuriCam DCS-5605 ActiveX (DcsCliCtrl.dll) SelectDirectory() Method lstrcpyW() Call Remote Overflow
2012-03-28	80664	2012-5897	Quest InTrust ActiveX (ARDoc.dll) Multiple Class SaveToFile() Method Arbitrary File Overwrite
2012-03-23	80297		Cisco Linksys WVC200 PlayerPT ActiveX (PlayerPT.ocx) SetSource() Method base64string Argument Parsing Remote Overflow
2012-03-22	80548		Google Talk (gTalk) Deprecated URI Handler Command Injection
2012-03-20	80205		CrazyTalk ActiveX (crazytalk4.ocx) Multiple Property Handling Overflow
2012-03-18	80261		ManageEngine DeviceExpert auth-conf.xml Authentication Credential Remote Disclosure
2012-03-18	80262		ManageEngine DeviceExpert ScheduleResultViewer Servlet FileName Parameter Traversal Arbitrary File Access
2012-03-14	80201	2012-0293	Symantec Altiris WISE Package Studio Multiple Unspecified SQL Injection
2012-03-08	79869		2X Client TuxClientSystem ActiveX (TuxClientSystem.dll) InstallClient() Method MSI Package URL Parsing Arbitrary Application Installation
2012-03-02	79735	2012-0198	IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 ActiveX RunAndUploadFile() Method Boundary Error Remote Overflow
2012-03-01	79730	2012-0199	IBM Tivoli Provisioning Manager Express for Software Distribution SoapServlet Servlet Printer.getPrinterAgentKey SQL Injection
2012-03-01	79731	2012-0199	IBM Tivoli Provisioning Manager Express for Software Distribution register.do Servlet User.updateUserValue() Function SQL Injection
2012-03-01	79732	2012-0199	IBM Tivoli Provisioning Manager Express for Software Distribution logon.do Servlet User.isExistingUser() Function SQL Injection
2012-03-01	79733	2012-0199	IBM Tivoli Provisioning Manager Express for Software Distribution CallHomeExec Servlet Asset.getHWKey() Function SQL Injection
2012-03-01	79734	2012-0199	IBM Tivoli Provisioning Manager Express for Software Distribution getAttachment Servlet Asset.getMimeType() Function SQL Injection
2012-02-16	79276	2012-1195	Lenovo ThinkManagement Console landesk/managementsuite/core/core.anonymous/ServerSetup.asmx RunAMTCommand Operation -PutUpdateFileCore Command Parsing Arbitrary File Upload
2012-02-16	79277	2012-1196	Lenovo ThinkManagement Console /WSVulnerabilityCore/VulCore.asmx SetTaskLogByFile Operation filename Parameter Traversal Arbitrary File Deletion
2012-02-09	78931		CA Total Defense Suite UNC Management Web Service App_Code.dll Domain Credentials Disclosure
2012-02-09	78930		CA Total Defense Suite UNC management.asmx Multiple Stored Procedure SQL Injection
2012-02-03	78831	2012-1065	2X ApplicationServer TuxSystem ActiveX (TuxScripting.dll) ExportSettings() Method Arbitrary File Overwrite
2012-01-16	78568	2012-0189	IBM SPSS SamplePower VsVIEW6 ActiveX (VsVIEW6.ocx) Multiple Method Remote Code Execution
2012-01-16	78329	2012-0188	IBM SPSS Data Collection ActiveX (mraboutb.dll) SetLicenseInfoEx() Method Handling Unspecified Remote Code Execution
2012-01-16	78330	2012-0190	IBM SPSS Data Collection ActiveX (ExportHTML.ocx) Render() Method Handling Remote Code Execution
2012-01-12	78310		McAfee Security-as-a-Service (SaaS) myCIOScn.dll MyCioScan.Scan.ShowReport() Method Remote Command Execution
2012-01-11	78305	2011-4787	HP Easy Printer Care Software HPTicketMgr.dll SaveXML() Method XMLSimpleAccessor Class Traversal Arbitrary File Creation
2012-01-11	78306	2011-4786	HP Easy Printer Care Software CacheDocumentXMLWithId() Method XMLCacheMgr Class Traversal Arbitrary File Creation
2011-12-21	78018	2011-4169	HP Managed Printing Administration Unspecified Access Restriction Bypass
2011-12-21	78015	2011-4166	HP Managed Printing Administration MPAUploader.Uploader.1.UploadFiles() Function Traversal Arbitrary File Creation
2011-12-21	78016	2011-4167	HP Managed Printing Administration VMPAUploader.dll3 default.asp filename Parameter String Parsing Remote Overflow
2011-12-21	78017	2011-4168	HP Managed Printing Administration jobDelivery\Default.asp Traversal Arbitrary File Creation
2011-12-19	77971	2011-5227	Enterasys Network Management Suite Syslog Service nssyslogd.exe PRIO Field Parsing Remote Overflow
2011-11-02	83370		Oracle Hyperion Financial Management TList6.ocx ActiveX SaveData() Method Remote Code Execution
2011-10-19	76698	2011-3174	Novell ZENworks Software Packaging ISGrid2.dll ActiveX (ISGrid.Grid2.1) DoFindReplace bstrReplaceText Parameter Remote Code Execution
2011-10-19	76700	2011-2657	Novell ZENworks Software Packaging ActiveX (LaunchHelp.dll) LaunchProcess Function Remote Code Execution
2011-10-19	76701	2011-3156	HP Data Protector dpnepolicyservice Component LogClientInstallation Method SQL Injection
2011-10-19	76699	2011-2658	Novell ZENworks Configuration Management AdminStudio Antique ActiveX Unspecified Remote Issue
2011-10-19	76702	2011-3157	HP Data Protector dpnepolicyservice Component GetPolicies Method clientVersion Field SQL Injection
2011-10-19	76703	2011-3158	HP Data Protector dpnepolicyservice Component RequestCopy Method type Field SQL Injection
2011-10-19	76704	2011-3159	HP Data Protector dpnepolicyservice Component LogClientHealth Method clientHealth Field SQL Injection
2011-10-19	76705	2011-3160	HP Data Protector dpnepolicyservice Component LogCopyOperation Method copyStatus Field SQL Injection
2011-10-19	76706	2011-3161	HP Data Protector dpnepolicyservice Component LogBackupLocationStatus Method backupLocationStatus Field Remote Code Execution
2011-10-19	76707	2011-3162	HP Data Protector dpnepolicyservice Component FinishedCopy Method SQL Injection
2011-07-08	74328		Trend Micro Control Manager Cas_LogDirectInsert.aspx XML Parsing Remote Code Execution
2011-04-13	74968	2011-1653	CA Total Defense management.asmx Multiple Stored Procedure SQL Injection
2011-04-13	74967	2011-1655	CA Total Defense Web Management Service management.asmx Module getDBConfigSettings() Method Remote Server Database Credentials Disclosure
2011-04-13	74969	2011-1653	CA Total Defense MainApplication.html DeleteFilter Stored Procedure SQL Injection
2011-04-13	74970	2011-1654	CA Total Defense Heartbeat Web Service FileUploadHandler.ashx GUID Parameter Traversal Arbitrary File Upload
2011-01-31	70755	2010-3719	Symantec IM Manager IMAdminSchedTask.asp ScheduleTask() Method Arbitrary ASP Code Injection
2011-01-18	70551	2010-4416	Oracle Fusion Middleware GoldenGate Veridata Server XML SOAP Request Remote Overflow
2010-12-26	70126	2010-4701	Microsoft Windows Fax Cover Page Editor CDrawPoly::Serialize() Function Overflow
2010-12-15	69975	2010-0114	Symantec Endpoint Protection Manager Reporting Module fw_charts.php Remote Code Execution
2010-12-15	69969	2010-4113	HP Power Manager Management Server Login Form URL Parameter Overflow
2006-09-07	30956	2006-4674	DokuWiki bin/dwpage.php TARGET_FN Parameter Traversal File Upload Remote Code Execution

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.