rgod web pages

rgod web pages

This site is by Andrea Micalizzi, 36 years old from Catania, Italy, also known as rgod, also known as retrogod, and occasionally from
my friends of 9SG. I am atheist. Communist. Very patient guy. This is the one and only official site that contains articles, security advisories and proof of concepts related to my work as independent security researcher. Exploits on this site are not weaponized and are intended as mere evidence of vulnerability found by me. I already work as an external consultant for various companies and I am *NOT* interested in any other job one can do from an office (place often populated by clowns). I don't teach hacking. I don't exploit holes in public sites or networks.I don't need your fifteen grands for a vulnerability in Internet Explorer, Firefox, Apache web server or PHP because I am already rich (I am very good at my work). Also, important, I am a very busy person and I respond only to very smart emails once in a lifetime.
The 'news of my death' was a practical joke organized and perpetrated by me and my friends to protect me from occasional pests and idiots. In facts, no death certificate has ever been produced if you had the smartness to monitor and if you were a real-life phone phreaker, which you are not. I delivered myself the site credentials to "9 situations group" to keep the site in months when not practicing my activity and I was enjoyng life after healing from an heavy infection of the bone marrow caused in 2008 by a trivial influence. I want to thanks all the people that are used to copy and paste (bad attitude) while erecting sites in my honor, but no one ever asked.
This site has never been hacked from 2004 since it started.

rgod web pages

art

writings

hacking/coding

released through vulnerability affiliation programs

andrea micalizzi aka rgod

an ink sketch I've done after the painting version. Somehow, I prefer this.Click to enlarge:

L'uomo dalle ciglia cucite alla fronte ______________
Jan 13, 2005
Author: rgod

scritto bolognese, mai corretto. Riscritto trenta volte, difficile lavoro di sottrazione. Comprendeva chorps trans, diviso in due sezioni.
leggi tutto...

chorps trans ______________
Aug 23, 2004
Author: rgod
raccolta di scritti proveniente da Bologna (tre anni fa? poesia narrativa?)

advisory______________
May 26, 2013
Author: rgod

SIEMENS Solid Edge ST4 WebPartHelper ActiveX Control
RFMSsvs!JShellExecuteEx Remote Command Execution (advisory)

SIEMENS Solid Edge ST4 WebPartHelper ActiveX Control
RFMSsvs!JShellExecuteEx Remote Command Execution (poc)

SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Control SetItemReadOnly
Arbitrary Memory Rewrite Remote Code Execution Vulnerability (advisory)

SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Control SetItemReadOnly
Arbitrary Memory Rewrite Remote Code Execution Vulnerability (poc)

advisory______________
Jan 7, 2013
Author: rgod

Foxit Reader <= 5.4.4.1128 Plugin for Firefox npFoxitReaderPlugin.dll Overlong
Query String Remote Stack Buffer Overflow

advisory______________
Nov 14, 2012
Author: rgod

Novell NetIQ Privileged User Manager 2.3.1 auth.dll pa_modify_accounts()
Remote Code Execution (advisory)

Novell NetIQ Privileged User Manager 2.3.1 auth.dll pa_modify_accounts()
Remote Code Execution Exploit (pre auth/SYSTEM)

Novell NetIQ Privileged User Manager 2.3.1 ldapagnt.dll ldapagnt_eval()
Perl Code Evaluation Remote Code Execution (advisory)

Novell NetIQ Privileged User Manager 2.3.1 ldapagnt.dll ldapagnt_eval()
Perl Code Evaluation Remote Code Execution Exploit (pre auth/SYSTEM)

advisory______________
Aug 6, 2012
Author: rgod

Oracle Business Transaction Management Server 12.1.0.2.7 FlashTunnelService
Remote File Deletion (poc)

Oracle Business Transaction Management Server 12.1.0.2.7 FlashTunnelService
Remote File Deletion (advisory)

Oracle Business Transaction Management Server 12.1.0.2.7 FlashTunnelService
WriteToFile Message Remote Code Execution (poc)

Oracle Business Transaction Management Server 12.1.0.2.7 FlashTunnelService
WriteToFile Message Remote Code Execution (advisory)

advisory______________
Aug 6, 2012
Author: rgod

AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution (advisory)

AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution (poc)

advisories______________
May 10, 2012
Author: rgod

Adobe Photoshop CS5.1 U3D.8BI Library Collada Asset Elements
Stack Based Buffer Overflow Vulnerability (advisory)

Adobe Photoshop CS5.1 U3D.8bi Library Collada Asset Elements Stack Based Buffer Overflow (poc)

advisories______________
Apr 30, 2012
Author: rgod

McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control
GetObject() Security Bypass Remote Code Execution (poc)

McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control
GetObject() Security Bypass Remote Code Execution (advisory)

advisories______________
Apr 5, 2012
Author: rgod

Quest vWorkspace 7.5 Connection Broker Client ActiveX Control (pnllmcli.dll 7.5.304.547)
SaveMiniLaunchFile() Method Remote File Creation / Overwrite poc

Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115)
Remote File Creation / Overwrite poc

advisory______________
Mar 28, 2012
Author: rgod

Quest InTrust 10.4.x ReportTree and SimpleTree Classes
ArDoc.dll ActiveX Control Remote File Creation / Overwrite (poc II)

Quest InTrust 10.4.x ReportTree and SimpleTree Classes
ArDoc.dll ActiveX Control Remote File Creation / Overwrite (poc I)

Quest InTrust 10.4.x ReportTree and SimpleTree Classes
ArDoc.dll ActiveX Control Remote File Creation / Overwrite (advisory)

advisory______________
Mar 28, 2012
Author: rgod

D-Link SecuriCam DCS-5605 Network Surveillance ActiveX Control
DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability (poc)

D-Link SecuriCam DCS-5605 Network Surveillance ActiveX Control
DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability (advisory)

advisory______________
Mar 28, 2012
Author: rgod

Quest InTrust 10.4.x Annotation Objects ActiveX Control
AnnotateX.dll Uninitialized Pointer Remote Code Execution (poc)

Quest InTrust 10.4.x Annotation Objects ActiveX Control
AnnotateX.dll Uninitialized Pointer Remote Code Execution (advisory)

advisory______________
Mar 27, 2012
Author: rgod

TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam ActiveX
Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow (poc)

TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam ActiveX
Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow (advisory)

advisory______________
Mar 22, 2012
Author: rgod

Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX
Control PlayerPT.ocx sprintf Buffer Overflow Vulnerability

advisory______________
Mar 21, 2012
Author: rgod

Google Talk gtalk:// Deprecated Uri Handler /gaiaserver Parameter Injection Vulnerability

various advisories & exploits ______________
Mar 18, 2012
Author: rgod

ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated
Remote Directory Traversal Vulnerability

ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated
Remote Directory Traversal Database Backup / auth-conf.xml Disclosure Exploit

various advisories & exploits ______________
Mar 18, 2012
Author: rgod

2X ApplicationServer 10.1 TuxSystem Class ActiveX Control TuxScripting.dll
ExportSettings Remote File Overwrite Vulnerability (poc)

2X ApplicationServer 10.1 TuxSystem Class ActiveX Control TuxScripting.dll
ExportSettings Remote File Overwrite Vulnerability (advisory)

2X ApplicationServer 10.1 TuxSystem Class ActiveX Control TuxScripting.dll
ExportSettings Remote File Overwrite Vulnerability (SVCRP)

various advisories & exploits ______________
Mar 18, 2012
Author: rgod

2X Client for RDP 10.1.1204 ClientSystem Class ActiveX Control
TuxClientSystem.dll InstallClient() Download and Execute
Vulnerability (poc)

2X Client for RDP 10.1.1204 ClientSystem Class ActiveX Control
TuxClientSystem.dll InstallClient() Download and Execute
Vulnerability (advisory)

2X Client for RDP 10.1.1204 ClientSystem Class ActiveX Control
TuxClientSystem.dll InstallClient() Download and Execute
Vulnerability (SVCRP)

various advisories & exploits ______________
Mar 18, 2012
Author: rgod

LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server WSVulnerabilityCore.dll
SetTaskLogByFile() Remote Arbitrary File Deletion Vulnerability (poc)

LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server WSVulnerabilityCore.dll
SetTaskLogByFile() Remote Arbitrary File Deletion Vulnerability (advisory)

LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server WSVulnerabilityCore.dll
SetTaskLogByFile() Remote Arbitrary File Deletion Vulnerability (SVCRP)

various advisories & exploits ______________
Mar 18, 2012
Author: rgod

LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server AMTConfig.Business.dll
RunAMTCommand Remote Code Execution Vulnerability (poc)

LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server AMTConfig.Business.dll
RunAMTCommand Remote Code Execution Vulnerability (advisory)

LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server AMTConfig.Business.dll
RunAMTCommand Remote Code Execution Vulnerability (SVCRP)

various advisories & exploits ______________
Mar 18, 2012
Author: rgod

Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll
sprintf Remote Buffer Overflow Vulnerability (poc, no-DEP)

Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll
sprintf Remote Buffer Overflow Vulnerability (advisory)

various advisories & exploits ______________
Nov 7, 2011
Author: rgod

Oracle Hyperion Strategic Finance Client 12.x Tidestone Formula One
WorkBook OLE Control TTF16 (6.3.5 Build 1) SetDevNames() Remote Heap Overflow poc

various advisories & exploits ______________
Nov 1, 2011
Author: rgod

Oracle Hyperion Financial Management TList6 ActiveX
Control Remote Code Execution Vulnerability advisory

Oracle Hyperion Financial Management 11.1.2.1.0
TList6.ocx ActiveX Control Remote Code Execution Vulnerability PoC

various advisories & exploits ______________
Oct 30, 2011
Author: rgod

Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer
Overflow PoC (*.oce)

various advisories & exploits ______________
Oct 20, 2011
Author: rgod

Oracle AutoVue 20.0.1 AutoVueX ActiveX Control ExportEdaBom Remote Code Execution Vulnerabilty

Oracle AutoVue 20.0.1 AutoVueX ActiveX Control Export3DBom Remote Code Execution Vulnerability

Oracle AutoVue 20.0.1 AutoVueX ActiveX Control SaveViewStateToFile Remote File Creation / Overwrite Vulnerability

various advisories & exploits ______________
Oct 18, 2011
Author: rgod

Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers
HOST Attribute Stack Based Buffer Overflow Vulnerability

various advisories & exploits ______________
Sep 15, 2011
Author: rgod

Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration
getSubKeys() Remote SQL Injection Exploit

various advisories & exploits ______________
Jul 25, 2011
Author: rgod

CA ARCserve D2D r15 GWT RPC Request Auth Bypass /
Credentials Disclosure and Commands Execution PoC

various advisories & exploits ______________
Jul 13, 2011
Author: rgod

Dell IT Assistant detectIESettingsForITA.ocx ActiveX Control
readRegVal() Remote Registry Dump Vulnerability

various advisories & exploits ______________
Jun 2, 2011
Author: rgod

WebSVN 2.3.2 Unproper Metacharacters Escaping exec() Remote
Commands Injection Vulnerability (advisory)

WebSVN 2.3.2 Unproper Metacharacters Escaping exec() Remote
Commands Injection Vulnerability (poc)

various advisories & exploits ______________
Apr 1, 2011
Author: rgod

RealNetworks RealGames StubbyUtil.ShellCtl.1 ActiveX Control
(InstallerDlg.dll v2.6.0.445) Multiple Remote Commands Execution
and Code Execution Vulnerabilities

RealNetworks RealGames StubbyUtil.ProcessMgr.1 ActiveX Control
(InstallerDlg.dll v2.6.0.445) Multiple Remote Commands Execution
Vulnerabilities

various advisories & exploits ______________
Dec 31, 2010
Author: rgod

HP Photo Creattive v. 2.x audio.Record.1 ActiveX Control (ContentMan.dll 1.0.0.4272) Remote Stack Based Buffer Overflow poc

various advisories & exploits ______________
Dec 30, 2010
Author: rgod

CA ARCserve D2D r15 Web Service Apache Axis2 World Accessible Servlet
Code Execution Vulnerability Poc

various advisories & exploits ______________
Dec 29, 2010
Author: rgod

Chilkat Software FTP2 ActiveX Component (ChilkatFtp2.DLL 2.6.1.1) Remote Code Execution poc

various advisories & exploits ______________
Dec 26 , 2010
Author: rgod

Microsoft Windows Fax Services Cover Page Editor (.cov) memory corruption poc

various advisories & exploits ______________
Dec 2 , 2009
Author: Nine:Situations:Group ::pyrokinesis

Adobe Illustrator CS4 (V14.0.0) Encapsulated Postscript (.eps) overlong DSC Comment Buffer Overflow Exploit

various advisories & exploits ______________
Oct 1 , 2009
Author: Nine:Situations:Group ::pyrokinesis

Google Apps googleapps.url.mailto: // uri handler cross-browser remote command execution exploit

AOL 9.1 SuperBuddy ActiveX Control SetSuperBuddy() remote code execution exploit

IBM Informix Client SDK 3.0 SetNet32 File (.nfx) Hostsize integer overflow exploit

EMC RepliStor Server (rep_serv.exe) 6.3.1.3 remote denial of service poc

Adobe related service (getPlus_HelperSvc.exe) local elevation of privileges

AOL IWinAmpActiveX Class (AmpX.dll 2.4.0.6) ConvertFile() remote overflow exploit

South River Technologies WebDrive Service Bad Security Descriptor Local Elevation Of Privileges

RunCms v.2M1 /modules/forum/post.php - 'forum' remote semi-blind SQL Injection Exploit

RunCms v.2M1 store() - 'pid' remote SQL Injection Exploit

various advisories & exploits ______________
Sep 29 , 2009
Author: Nine:Situations:Group ::pyrokinesis

IBM Installation Manager <= 1.3.0 iim:// uri handler remote code execution exploit

EMC multiple products KeyWorks KeyHelp Module (keyhelp.o cx 1.2.312) remote buffer overflow exploit

Oracle Document Capture BlackIce DEVMODE ActiveX Control remote stack based buffer overflow

Oracle Document Capture BlackIce DEVMODE ActiveX Control remote command execution

Adobe Photoshop Elements 8.0 Active File Monitor Service Bad Security Descriptor Local Elevation Of Privileges

HP LoadRunner 9.5 Persits.XU pload.2 control (XUpload.o cx) MakeHttpRe quest() remote file creation poc

various advisories & exploits ______________
May 30, 2009
Author: Nine:Situations:Group ::pyrokinesis

ICQ 6.5 URL Search Hook/ICQToolBar.dll .URL file processing Windows Explorer
remote buffer overflow poc

COWON America jetCast 2.0.4.1109 (.mp3) Local Overflow Exploit

Pinnacle Studio 12 (.hfz) Directory Traversal Vulnerability

Bitweaver <= 2.6 saveFeed() Remote Code Execution Exploit

Symantec Fax Viewer Control 10 (DCCFAXVW.DLL) Remote BOF Exploit

Zoom Player Pro v.3.30 .m3u File Buffer Overflow Exploit (seh)

Icewarp Merak Mail Server 9.4.1 Base64FileEncode() BOF PoC

Geeklog <= 1.5.2 savepreferences()/*blocks[] SQL Injection Exploit

ftpdmin 0.96 RNFR Remote Buffer Overflow Exploit

Geeklog <= 1.5.2 SEC_authenticate() SQL Injection Exploit

glFusion <= 1.1.2 COM_applyFilter()/cookies Blind SQL Injection Exploit

various advisories & exploits ______________
Mar 31 , 2009
Author: Nine:Situations:Group ::bruiser

glFusion <= 1.1.2 COM_applyFilter()/order SQL Injection Exploit

PHPizabi v0.848b C1 HFP1 Remote Privilege Escalation Vulnerability

BS.Player <= 2.34 Build 980 (.bsl) Local Buffer Overflow Exploit (SEH)

CDex 1.70b2 (.ogg) Local Buffer Overflow Exploit (xp/ sp3)

PPLive <= 1.9.21 (/LoadModule) URI Handlers Argument Injection Vuln

GeoVision LiveAudio ActiveX Remote Freed-Memory Access Exploit

various advisories & exploits ______________
Mar 05, 2009
Author: Nine:Situations:Group ::bruiser

SupportSoft DNA Editor Module (dnaedit.dll v6.9.2205) remote code execution exploit

various advisories & exploits ______________
Mar 03, 2009
Author: Nine:Situations:Group ::surfista

Activex test suite (this command line tool, written in C#, shows if a control is killbitted and safe for scripting / safe for initialization according to IObjectSafety interface (if implemented) or according to the windows registry (if IObjectSafety interface does not ovveride it), click to download it

Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer() user assisted remote code execution poc

various advisories & exploits ______________
Jan 08 , 2009
Author: Nine:Situations:Group ::bruiser

Megacubo 5.0.7 (mega://) remote eval() injection exploit

various advisories & exploits ______________
Dec 25 , 2008
Author: Nine:Situations:Group ::Pyrokinesis

Google Chrome (ChromeHTML://) Remote Parameter Injection (exploitable through IE)

KVIrc 3.4.2 Shiny (uri handler) Remote Command Execution Exploit

Exodus 0.10 (uri handler) Arbitrary Parameter Injection Exploit

Exodus 0.10 (uri handler) Arbitrary Parameter Injection Vulnerability

ooVoo 1.7.1.35 (URL Protocol) Remote Unicode Buffer Overflow PoC

hMAilServer 4.4.2 (PHPWebAdmin) File Inclusion Vulnerabilities

various advisories & exploits ______________
Oct 8 , 2008
Author: Nine:Situations:Group ::Pyrokinesis

Microsoft PicturePusher ActiveX (PipPPush.DLL 7.00.0709) remote Cross Site File Upload attack poc

Autodesk DWF Viewer Control / LiveUpdate Module remote code execution exploit

various advisories & exploits ______________
Sep 19, 2008
Author: Nine:Situations:Group :: bruiser

NuMedia Soft NMS DVD Burning SDK Activex (NMSDVDX.dll) remote exploit

Pluck 4.5.3 update.php remote file corruption exploit

CMailServer 5.4.6 (CMailCOM.dll) Remote SEH Overwrite Exploit

Pivot 1.40.5 Dreamwind load_template() Credentials Disclosure Exploit

various advisories & exploits ______________
Jun 10 , 2008
Author: Nine:Situations:Group :: bookoo

muvee Technologies Text-Effect DXT Filter for autoProducer (TextOut.dll v6.0.18.1) Fontsetting property remote buffer overflow exploit

muvee Technologies MPEffects Module (MPEffects.dll 6.0.18.1) divide by zero crash

C6 Messenger Installation Url DownloaderActiveX Control Remote Download & Execute Exploit

CA Internet Security Suite 2008 (UmxEventCli.dll/SaveToFile()) remote file corruption poc

various advisories & exploits ______________
Apr 12 , 2008
Author: rgod

D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5) / 4xem VatCtrl Class (VATDecoder.dll 1.0.0.51) / RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39) all-in-one exploit

various advisories & exploits ______________
Feb 9, 2008
Author: rgod

Microsoft DirectSpeechSynthesis Module (XVoice.dll 4.0.4.3303)
remote buffer overflow exploit/ (IE7/XP SP2 heap spray version)

Toshiba Surveillance (MeIpCamX.DLL 1.0.0.4) Remote BOF Exploit

RTS Sentry Digital Surveillance (CamPanel.dll 2.1.0.2) BOF Exploit

NUVICO DVR NVDV4 / PdvrAtl Module (PdvrAtl.DLL 1.0.1.25) remote heap
overflow exploit (IE7/XP SP2)

level One Digital Data Communications (RtspVaPgCtrl) "MP4Prefix" Remote BOF Exploit

ImageShack Toolbar 4.5.7 FileUploader Class Insecure Method PoC

various advisories & exploits ______________
Dec 17, 2007
Author: rgod

iMesh < = 7.1.0.x IMWebControl Class (IMWeb.dll 7.0.0.x) remote heap exploit

RaidenHTTPD 2.0.19 ulang cmd exec poc exploit

SurgeMail v.38k4 webmail Host header denial of service exploit

various advisories & exploits ______________
Nov 5, 2007
Author: rgod

GOM Player 2.1.6.3499 (GomWeb3.dll 1.0.0.12) Remote Overflow Exploit

CyberLink PowerDVD CreateNewFile Arbitrary Remote Rewrite DoS

EasyMail MessagePrinter Object (emprint.DLL 6.0.1.0) BOF Exploit

various advisories & exploits ______________
Sep 7, 2007
Author: rgod

Microsoft SQL Server Distributed Management Objects OLE DLL for
SQL Enterprise Manager (sqldmo.dll) remote buffer overflow poc

various advisories & exploits ______________
Sep 3, 2007
Author: rgod

Telecom Italy Alice Messenger Hp.Revolution.RegistryManager.dll (v.1) remote arbitrary registry key manipulation

Hexamail Server 3.0.0.001 (pop3) pre-auth remote overflow poc

various advisories & exploits ______________
Aug 30, 2007
Author: rgod

Postcast Server Pro 3.0.61 / Quiksoft EasyMail (emsmtp.dll 6.0.1) BoF

eCentrex VOIP Client module (uacomx.ocx 2.0.1) Remote BOF Exploit

various advisories & exploits ______________
Jul 12, 2007
Author: rgod

AMX Corp. VNC ActiveX Control (AmxVnc.dll 1.0.13.0) BoF Exploit

PHP 5.2.3 Tidy extension Local Buffer Overflow Exploit

various advisories & exploits ______________
Jun 12, 2007
Author: rgod

Microsoft Windows DirectSpeechSynthesis Module (XVoice.dll)
/ DirectSpeechRecognition Module (Xlisten.dll)
remote buffer overflow exploit / 2k sp4 seh version

Microsoft Windows DirectSpeechSynthesis Module (XVoice.dll 4.0.4.2512)
/ DirectSpeechRecognition Module (Xlisten.dll 4.0.4.2512)
remote buffer overflow exploit/ xp sp2 version

advisory______________
May 30, 2013
Author: rgod

[ZDI] Apple QuickTime Movie File mvhd Atom Handling Heap Buffer Underflow

[ZDI] F-Secure Multiple Products Unspecified ActiveX Control Arbitrary SQL Statement Execution

[ZDI] EMC Data Protection Advisor Web UI Traversal Arbitrary File Reading

[ZDI] Novell ZENworks Mobile Management MDM.php language Parameter Traversal Local File Inclusion

[ZDI] Novell ZENworks Mobile Management DUSAP.php language Parameter Traversal Local File Inclusion

[ZDI] IBM SPSS Chart2D olch2x32.ocx ActiveX Remote Code Execution Vulnerability

[ZDI] Oracle WebCenter Content CheckOutAndOpen.dll ActiveX coao/openWebdav Remote Code Execution Vulnerability

[ZDI] HP Managed Printing Administrator mdbBuildValueBasedSQL() Remote Code Execution Vulnerability

advisory______________
May 17, 2013
Author: rgod

Microsoft Windows Essentials Improper URI Handling Vulnerability (Beyond Security's SSD)

advisories ______________
Apr 14, 2013
Author: rgod

Novell ZENWorks AdminStudio ISProxy ActiveX Remote Code Execution Vulnerability

Novell GroupWise gwcls1.dll ActiveX Control Remote Code Execution Vulnerability

HP Intelligent Management Center flexFileUpload Servlet Remote Code Execution Vulnerability

HP Intelligent Management Center mibFileUpload Servlet Remote Code Execution Vulnerability

HP Intelligent Management Center FaultDownloadServlet Information Disclosure Vulnerability

HP Intelligent Management Center ReportImgServlet Information Disclosure Vulnerability

HP Intelligent Management Center IctDownloadServlet Information Disclosure Vulnerability

HP Intelligent Management Center DownloadReportSourceServlet Information Disclosure Vulnerability

HP Intelligent Management Center DownloadServlet Information Disclosure Vulnerability

HP Intelligent Management Center UAM acmServletDownload Servlet Information Disclosure Vulnerability

HP Intelligent Management Center TAM tamServletDownload Servlet Information Disclosure Vulnerability

HP Intelligent Management Center SyslogDownloadServlet Information Disclosure Vulnerability

HP Intelligent Management Center RssServlet Information Disclosure Vulnerability

HP Intelligent Management Center JavaService Information Disclosure Vulnerability

advisories ______________
Aug 28, 2012
Author: rgod

EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code Execution Vulnerability

Novell ZENWorks AdminStudio ISGrid.dll ActiveX Remote Code Execution Vulnerability

EMC ApplicationXtender Desktop Viewer AEXView ActiveX AnnoSave Remote Code Execution Vulnerability

HP SiteScope SOAP Call update Remote Code Execution Vulnerability

HP SiteScope SOAP Call loadFileContent Remote Code Execution Vulnerability

HP SiteScope SOAP Call getFileInternal Remote Code Execution Vulnerability

HP SiteScope SOAP Call create Remote Code Execution Vulnerability

HP SiteScope UploadFilesHandler Remote Code Execution Vulnerability

HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution Vulnerability

HP Operations Orchestration RSScheduler Service JDBC Connector Remote Code Execution Vulnerability

HP Application Lifecycle Management XGO.ocx ActiveX Control Remote Code Execution Vulnerability

GE Proficy Historian KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability

Symantec Endpoint Protection SemSvc.exe AgentServlet Remote Code Execution Vulnerability

McAfee SmartFilter Administration Server SFAdminSrv.exe JBoss RMI Remote Code Execution Vulnerabilty

advisory ______________
Jun 29, 2012
Author: rgod

[ZDI] IBM Rational ClearQuest CQOle ActiveX Control Remote Code Execution Vulnerability

[ZDI] Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulnerability

advisory ______________
Jun 26, 2012
Author: rgod

[ZDI] AOL Products dnUpdater ActiveX Uninitialized Pointer Remote Code Execution Vulnerability

various advisories & exploits ______________
Apr 30, 2012
Author: rgod

[ZDI] Oracle Forms Recognition CroScPlt.dll ActiveX Control Remote Code Execution Vulnerability

[ZDI] Oracle WebCenter Forms Recognition Sssplt30.ocx ActiveX Control Remote Code Execution Vulnerability

various advisories & exploits ______________
Mar 19, 2012
Author: rgod

[Beyond Security] Symantec Altiris WISE Package Studio Multiple SQL Injections

various advisories & exploits ______________
Mar 18, 2012
Author: rgod

[ZDI] IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 Multiple Remote Code Execution Vulnerabilities

[ZDI] IBM Rational Rhapsody BBFlashBack.Recorder.1 TestCompatibilityRecordMode Remote Code Execution Vulnerability

[ZDI] IBM Rational Rhapsody BBFlashBack.Recorder.1 InsertMarker Remote Code Execution Vulnerability

[ZDI] IBM Rational Rhapsody BBFlashBack.FBRecorder.1 Control Multiple Remote Code Execution Vulnerabilities

[ZDI] IBM SPSS VsVIEW6.ocx ActiveX Control SaveDoc Method Remote Code Execution Vulnerability

[ZDI] IBM SPSS ExportHTML.dll ActiveX Control Render Method Remote Code Execution Vulnerability

[ZDI] Total Defense Suite UNC Management Web Service uncsp_ViewReportsHomepage SQL Injection Vulnerability

[ZDI] Total Defense Suite UNC Management Web Service Database Credentials Disclosure Vulnerability

[ZDI] Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability

[ZDI] IBM SPSS VsVIEW6.ocx ActiveX Control Multiple Methods Remote Code Execution Vulnerability

[ZDI] IBM SPSS mraboutb.dll ActiveX Control SetLicenseInfoEx Method Remote Code Execution Vulnerability

[ZDI] HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability

[ZDI] HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution Vulnerability

[ZDI] McAfee SaaS myCIOScn.dll ShowReport Method Remote Command Execution

[ZDI] HP Managed Printing Administration img_id Multiple Vulnerabilities

[ZDI] HP Managed Printing Administration jobDelivery Multiple Vulnerabilities

[ZDI] HP Managed Printing Administration MPAUploader.dll Remote Code Execution Vulnerability

[ZDI[ HP Managed Printing Administration jobAcct Multiple Vulnerabilities

[ZDI] Enterasys NetSight nssyslogd PRI Remote Code Execution Vulnerability

advisories ______________
Nov 13, 2011
Author: rgod

[ZDI] HP Data Protector Notebook Extension Policy Server LogBackupLocationStatus Remote SQL Injection Vulnerabilty

[ZDI] HP Data Protector Notebook Extension Policy Server LogClientInstallation Remote SQL Injection Vulnerabilty

[ZDI] HP Data Protector Notebook Extension GetPolicies Remote SQL Injection Vulnerabilty

[ZDI] HP Data Protector Notebook Extension Policy Server RequestCopy Remote SQL Injection Vulnerabilty

[ZDI] HP Data Protector Notebook Extension Policy Server LogClientHealth Remote SQL Injection Vulnerabilty

[ZDI] HP Data Protector Notebook Extension Policy Server LogCopyOperation Remote SQL Injection Vulnerabilty

[ZDI] HP Data Protector Notebook Extension Policy Server FinishedCopy Remote SQL Injection Vulnerabilty

[ZDI] Novell ZENWorks Software Packaging ISGrid.Grid2.1 DoFindReplace bstrReplaceText Parameter Remote Code Execution Vulnerability

[ZDI] Novell Zenworks Software Packaging LaunchHelp.dll ActiveX Control LaunchProcess Remote Code Execution Vulnerability

[ZDI] Novell ZENWorks Software Packaging Antique ActiveX Control Remote Code Execution Vulnerability

[ZDI] Symantec IM Manager ProcessAction Remote Code Execution Vulnerability

[ZDI] HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability

[ZDI] CA Total Defense Suite Gateway Security Malformed HTTP Packet Remote Code Execution Vulnerability

[ZDI] Trend Micro Control Manager CasLogDirectInsertHandler.cs Remote Code Execution Vulnerability

[ZDI] CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability

[ZDI] CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability

[ZDI] CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability

[ZDI] CA Total Defense Suite NonAssignedUserList Stored Procedure SQL Injection Vulnerability

[ZDI] CA Total Defense Suite UNC Management Console DeleteFilter SQL Injection Vulnerability

[ZDI] CA Total Defense Suite UnassignAdminRoles Stored Procedure SQL Injection Vulnerability

[ZDI] CA Total Defense Suite UnassignFunctionalUsers Stored Procedure SQL Injection Vulnerability

[ZDI] CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability

[ZDI] CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability

[ZDI] RealNetworks RealPlayer OpenURLInDefaultBrowser Remote Code Execution Vulnerability

[ZDI] McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability

[ZDI] CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability

[ZDI] IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability

[ZDI] Symantec IM Manager Administrative Interface IMAdminSchedTask.asp Eval Code Injection Remote Code Execution Vulnerability

[ZDI] Oracle GoldenGate Veridata Server XML SOAP Request Parsing Remote Code Execution Vulnerability

[ZDI] Hewlett-Packard Power Manager Administration Web Server Remote Code Execution Vulnerability

[ZDI] Symantec Endpoint Protection Manager Reporting Server fw_charts.php Remote Code Execution Vulnerability

[ZDI] Symantec IM Manager rdServer.dll sGetDefinition SQL Injection Vulnerability

[ZDI] Symantec IM Manager Administrative Interface DetailReportGroup.lgx Definition File SQL Injection Vulnerabilities

[ZDI] Symantec IM Manager Administrative Interface SummaryReportGroup.lgx Definition File SQL Injection Vulnerabilities

[ZDI] Symantec IM Manager Administrative Interface LoggedInUsers.lgx Definition File SQL Injection Vulnerabilities

[ZDI] Symantec IM Manager Administrative Interface rdpageimlogic.aspx SQL Injection Vulnerabilities

[ZDI] Symantec IM Manager Administrative Interface IMAdminReportTrendFormRun.asp SQL Injection Vulnerability

[ZDI] Symantec IM Manager Administrative Interface IMAdminScheduleReport.asp SQL Injection Vulnerability

[ZDI] SAP BusinessObjects Crystal Reports Server CMS.exe Remote Code Execution Vulnerability

[ZDI] Trend Micro Internet Security Pro 2010 ActiveX extSetOwner Remote Code Execution Vulnerability

[ZDI] Oracle Secure Backup Web Interface Various Post-Auth Command Injection Remote Code Execution Vulnerabilities

[ZDI[ Oracle Secure Backup Administration Authentication Bypass Vulnerability

[ZDI] Oracle Secure Backup Administration Command Injection Remote Code Execution Vulnerability

[ZDI] Oracle Secure Backup Administration selector Command Injection Remote Code Execution Vulnerability

[ZDI] Adobe Download Manager Atlcom.get_atlcom ActiveX Control Remote Code Execution Vulnerability

[ZDI] CA XOsoft Control Service entry_point.aspx Remote Code Execution Vulnerability/

[ZDI[ CA XOsoft xosoapapi.asmx Multiple Remote Code Execution Vulnerabilities

[ZDI] Skype URI Processing Arbitrary XML File Deletion Vulnerability

{ZDI] Skype Protocol Handler datapath Argument Injection Remote Code Execution Vulnerability