OSVDB: Open Sourced Vulnerability Database

Creditee: Mark Litchfield

Known Contact Information:

(as of 2002-04-17)
(as of 2002-06-26)

Known Affiliations:

NGS Software (as of 2002-04-17)
NGSSecure (as of 2012-02-01)

Disclosed Vulnerabilities (14):

Disc. Date	OSVDB ID	CVEID	Title
2012-03-07	79987		DotNetNuke Extension Renaming Validation File Upload Remote ASPX Code Exeuction
2012-02-01	78830		DotNetNuke User Management Functions Access Restriction Bypass
2007-07-05	37687	2007-3608	EnjoySAP SAP GUI Multiple ActiveX Unspecified File Manipulation
2007-07-05	37688	2007-3607	EnjoySAP SAP GUI Multiple ActiveX Unspecified DoS
2007-07-05	37690	2007-3605	EnjoySAP SAP GUI kweditcontrol.kwedit.1 ActiveX (kwedit.dll) PrepareToPostHTML Function Arbitrary Code Execution
2007-07-05	38096	2007-3624	SAP Message Server HTTP Server /msgserver/html/group Remote Overflow
2007-07-05	38095	2007-3615	SAP NetWeaver Web Application Server Internet Communication Manager Crafted URI Remote DoS
2007-07-05	36480	2007-3613	SAP Internet Graphics Service ADM:GETLOGFILE PARAMS Parameter XSS
2005-04-12	15626		IBM Lotus Domino Malformed POST Request Remote Overflow
2005-04-05	12563	2005-0942	Sybase ASE "install java" Overflow
2002-07-24	10135	2002-0729	Microsoft SQL Server Malformed 0x08 Packet DoS
2002-06-26	5172	2002-0621	Microsoft Commerce Server OWC Installer LocalSystem Arbitrary Code Execution
2002-04-17	10448	2002-0595	WebTrends Reporting Center WTX_REMOTE.DLL /reports/ Remote Overflow
2002-04-17	10447	2002-0596	WebTrends Reporting Center get_od_toc.pl Path Disclosure

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.