OSVDB: The Open Source Vulnerability Database

Creditee: Stephen Fewer

Known Contact Information:

(as of 2007-10-10)
(as of 2008-08-14)
(as of 2009-07-17)

Known Affiliations:

Harmony Security (as of 2000-01-04)
iDefense Labs VCP (as of 2007-10-10)
Zero Day Initiative (ZDI) (as of 2008-08-14)

Disclosed Vulnerabilities (42):

Disc. Date	OSVDB ID	CVEID	Title
2011-08-09	74496	2011-1347	Microsoft IE Protected Mode Bypass Arbitrary File Creation
2011-08-09	74500	2011-1964	Microsoft IE STYLE Object Parsing Memory Corruption
2011-04-12	71725	2011-1345	Microsoft IE Object Management onPropertyManagement Processing Memory Corruption
2011-03-09	75250	2011-1346	Microsoft IE Unspecified Remote Code Execution
2011-01-31	70754	2011-0276	HP OpenView Performance Insight com.trinagy.security.XMLUserManager Default Account Arbitrary File Upload
2010-12-14	69828	2010-3345	Microsoft IE Recursive Select Element Remote Code Execution
2010-10-12	69051	2010-3555	Oracle Java SE / Java for Business ActiveX Plugin Uninitialized Window Handle Arbitrary Code Execution
2010-10-12	68873	2010-3552	Oracle Java New Plugin docbase Parameter Overflow
2010-09-30	69873		Novell iManager com.novell.nps.serviceProviders.PortalModuleInstallManager Servlet Arbitrary File Upload
2010-09-28	68394	2010-3754	IBM Tivoli Storage Manager (TSM) FastBack Server FastBackServer.exe FXCLI_OraBR_Exec_Command Function Arbitrary Code Execution
2010-07-27	68320		Novell iManager nps.jar getMultiPartParameters() Arbitrary File Upload
2010-07-16	66461	2010-2773	Novell Teaming Access Manager ajaxUploadImageFile upload_image_file Operation Arbitrary Code Execution
2010-06-21	65629	2010-0284	Novell Access Manager PortalModuleInstallManager Traversal Arbitrary File Upload
2010-03-30	63500	2010-0838	Oracle Java SE / Java for Business Java 2D CMM Module readMabCurveData Function curv Object Handling Overflow
2010-03-30	63412		Novell ZENworks Configuration Management Remote Management UploadServlet Arbitrary Code Execution
2010-03-30	65361		Novell ZENworks Configuration Management Preboot Service Remote Code Execution
2010-02-23	62538	2010-0620	EMC HomeBase Server SSL Service Traversal File Upload Unspecified Arbitrary Code Execution
2009-12-07	60852	2009-3844	HP Application Recovery Manager OmniInet Process MSG_PROTOCOL Packet Handling Remote Overflow
2009-11-18	60317	2009-3843	HP Operations Manager on Windows Unspecified Access Restriction Bypass
2009-10-28	59750		Open Text Search Server Hummingbird STR Service (STRsvc.exe) STRlib.dll Library Overflow
2009-10-28	59749		Documentum eRoom Hummingbird STR Service (STRsvc.exe) STRlib.dll Library Overflow
2009-07-22	56247	2009-2582	Akamai Download Manager ActiveX manager.exe Redswoosh Download HTTP Response Handling Overflow
2009-07-17	55996		Novell Privileged User Manager unifid.exe Service spf RPC Request Library Injection Arbitrary Code Execution
2009-04-28	54172	2009-1291	TIBCO Multiple Products SmartSockets RTserver Component Inbound Data Remote Overflow
2009-04-16	57896	2009-3068	Adobe RoboHelp Management Web Server Crafted POST Request File Upload Arbitrary Code Execution
2008-10-14	49068	2008-3466	Microsoft Host Integration Server (HIS) SNA RPC Request Remote Overflow
2008-08-14	59064	2008-3685	EMC Documentum ApplicationXtender Admin Agent (aws_tmxn.exe) Traversal Arbitrary File Upload
2008-08-14	59065	2008-3684	EMC Documentum ApplicationXtender Admin Agent (aws_tmxn.exe) TCP Packet Handling Remote Overflow
2008-06-04	46205	2007-5671	VMware Multiple Products HGFS.sys user-mode METHOD_NEITHER IOCTLs Local Privilege Escalation
2008-05-27	45714	2008-2158	EMC AlphaStor Server Agent CLI Process Multiple Unspecified Remote Overflows
2008-05-27	45715	2008-2157	EMC AlphaStor Library Manager robotd Remote Arbitrary Command Execution
2008-04-10	44419	2008-0961	EMC DiskXtender RPC Interface Default Persistent Account
2008-04-09	44418	2008-0962	EMC DiskXtender File System Manager RPC Interface Remote Overflow
2008-04-09	44417	2008-0963	EMC DiskXtender MediaStor RPC Interface Remote Format String
2008-02-19	42955	2007-6426	EMC RepliStor Data Decompression Multiple Unspecified Remote Overflows
2008-01-09	40871	2007-5762	Novell NetWare Client NICM.SYS Local Privilege Escalation
2008-01-07	40106	2007-5761	Motorola netOctopus Agent nantsys.sys MSR Write Local Privilege Escalation
2008-01-07	39995	2007-5665	Novell ZENworks Endpoint Security Management STEngine Privilege Escalation
2007-11-12	40867	2007-5667	Novell Client NWFILTER.SYS Local Privilege Escalation
2007-11-06	38496	2007-4223	Microsoft Sysinternals DebugView Dbgv.sys Local Privilege Escalation
2007-10-10	37713	2007-3675	Kaspersky Online Scanner kavwebscan.CKAVWebScan ActiveX (kavwebscan.dll) Format String Arbitrary Code Execution
2000-01-04	12022	2000-0049	Winamp Client .pls File Overflow

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.