Report an Incident

If you are a CNI organisation and you have encountered or suspect a cyber threat, please complete and return an Incident Reporting Form.

All incident reports provided to the CCIP are treated in the strictest of confidence. Please see our Confidentiality Charter for more details. Read More

New at CCIP

Current e-Bulletin The CCIP e-Bulletin provides a snapshot of security related news
Read More

Centre for Critical Infrastructure Protection

Home | Vulnerabilities | Vulnerability Alert Archives | September 2006

September 2006

The following table includes the Vulnerability Alerts for the month.

Note: These links reference external sites. CCIP can not accept responsibility for outdated links or such links contents.

Reference	Description	Date
Microsoft	Microsoft PowerPoint Code Execution Vulnerability	29/09/06
SUSE	SUSE Update for Multiple Packages	29/09/06
Microsoft	Microsoft Internet Explorer "WebViewFolderIcon" Integer Overflow	29/09/06
Newswriter	Newswriter "NWCONF_SYSTEM[server_path]" File Inclusion Vulnerability	29/09/06
Blog PixelMotion	Blog PixelMotion Multiple Vulnerabilities	29/09/06
Avaya	Avaya Products Linux Kernel Multiple Vulnerabilities	29/09/06
phpMyAdmin	phpMyAdmin Unspecified Vulnerabilities	29/09/06
NaviCOPA	NaviCOPA "GET" Buffer Overflow Vulnerability	29/09/06
OpenSSL	OpenSSL Multiple Denial of Service Vulnerabilities	29/09/06
WEB//NEWS	WEB//NEWS "WN_BASEDIR" Parameter File Inclusion	28/09/06
JAF CMS	JAF CMS Script Insertion and PHP Code Injection	28/09/06
rPath	rPath update for openssh	28/09/06
rPath	rPath update for openoffice.org	28/09/06
Pie Cart	Pie Cart Pro Site Builder "Inc_Dir" File Inclusion Vulnerabilities	28/09/06
Gentoo	Gentoo update for imagemagick	28/09/06
Sun	Sun Solaris Kernel SSL Denial of Service Vulnerability	28/09/06
Gentoo	Gentoo update for tikiwiki	28/09/06
Microsoft	MS06-055 - Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486)	27/09/06
Mandriva	Mandriva update for mozilla-thunderbird	27/09/06
Mandriva	Mandriva update for webmin	27/09/06
IM Portal	IM Portal "phpbb_root_path" File Inclusion Vulnerability	27/09/06
Sugar Suite	Sugar Suite Unspecified Vulnerability	27/09/06
PBLang	PBLang "temppath" Parameter File Inclusion Vulnerability	27/09/06
HP-UX	HP-UX update for Kerberos	27/09/06
Debian	Debian update for kernel-source-2.6.8	27/09/06
Solaris	Solaris IPv6 Denial of Service Vulnerability	27/09/06
OpenSSH	OpenSSH Identical Blocks Denial of Service Vulnerability	27/09/06
SyntaxCMS	SyntaxCMS "init_path" File Inclusion Vulnerability	26/09/06
cPanel	cPanel Unspecified Privilege Escalation Vulnerability	26/09/06
Debian	Debian update for kernel-source-2.4.27	26/09/06
e-Vision	e-Vision CMS SQL Injection and File Upload Vulnerabilities	26/09/06
SUSE	SUSE updates for MozillaFirefox, MozillaThunderbird, and seamonkey	26/09/06
Gentoo	Gentoo update for gzip	26/09/06
Redhat	Update for php	25/09/06
HP-UX	Update for thunderbird	25/09/06
Apple	Airport Buffer Overflow and Integer Overflow Vulnerabilities	25/09/06
Ubuntu	Update for mozilla-thunderbird	25/09/06
Suse	Updates for php4 / php5	25/09/06
HP-UX	Update for firefox	25/09/06
Cisco	Cisco Intrusion Prevention System Fragmented IP Packets Security Bypass	22/09/06
Secunia	Simple Discussion Board Remote File Inclusion Vulnerabilities	22/09/06
Sisco	SISCO OSI Stack Denial of Service Vulnerability	22/09/06
Secunia	Dr.Web LHA Directory Name Buffer Overflow	21/09/06
SGI	SGI Advanced Linux Environment Multiple Updates	21/09/06
gzip	gzip Multiple Vulnerabilities	21/09/06
Microsoft	Microsoft PowerPoint Unspecified Code Execution Vulnerability	20/09/06
PHPQuiz	PHPQuiz Multiple Vulnerabilities	20/09/06
PHP-Post	PHP-Post Multiple Vulnerabilities	20/09/06
Debian	Debian update for alsaplayer	20/09/06
Techno Dreams	Techno Dreams Articles & Papers Package "key" SQL Injection	20/09/06
Microsoft	Microsoft Internet Explorer VML Code Execution Vulnerability	20/09/06
Mandriva	Mandriva update for mailman	20/09/06
Trustix	Trustix Updates for Multiple Packages	19/09/06
IPSwitch	WS_FTP Server FTP Commands Buffer Overflow Vulnerability	19/09/06
Citrix	Citrix Access Gateway Advanced Access Control Authentication Bypass	19/09/06
Zope	Zope restructuredText "csv_table" Information Disclosure	19/09/06
Mozilla	Mozilla Products Remote Code Execution and Cross Site Scripting Vulnerabilities	18/09/06
Slackware	Slackware update for bind	18/09/06
Gentoo	Gentoo update for dokuwiki	18/09/06
Ubuntu	Ubuntu update for kernel	18/09/06
Secunia	Shadowed Portal "root" File Inclusion Vulnerabilities	18/09/06
Gentoo	Gentoo update for bind	18/09/06
Gulftech	Claroline "extAuthSource['newUser']" File Inclusion Vulnerability	18/09/06
NetPerformer	NetPerformer Products Denial of Service Vulnerabilities	15/09/06
Gentoo	Gentoo update for ffmpeg	15/09/06
Debian	Debian update for isakmpd	15/09/06
Redhat	Update for flash-plugin	14/09/06
Apple	QuickTime Multiple Vulnerabilities	14/09/06
Secunia	phpBB XS "phpbb_root_path" File Inclusion Vulnerability	13/09/06
Adobe	Flash Player Multiple Unspecified Vulnerabilities	13/09/06
Microsoft	Microsoft Publisher Code Execution Vulnerability	13/09/06
Red Hat	Red Hat update for mailman	08/09/06
BP News	BP News "bnrep" File Inclusion Vulnerability	08/09/06
phpBB	phpBB Premod Shadow "phpbb_root_path" File Inclusion	08/09/06
FreeBSD	FreeBSD update for bind	08/09/06
Ipswitch	Ipswitch IMail Server SMTP Service Unspecified Vulnerability	08/09/06
Beautifier	Beautifier "BEAUT_PATH" Parameter File Inclusion Vulnerability	08/09/06
IBM AIX	IBM AIX update for bind	08/09/06
phpFullAnnu	phpFullAnnu "repmod" File Inclusion Vulnerability	08/09/06
Gentoo	Gentoo update for streamripper	08/09/06
Sponge News	Sponge News "sndir" File Inclusion Vulnerability	07/09/06
Ubuntu	Ubuntu update for imagemagick	07/09/06
php download	php download script "file" Parameter Directory Traversal	07/09/06
ISC BIND	ISC BIND Denial of Service Vulnerabilities	07/09/06
C-News	C-News "path" File Inclusion Vulnerabilities	07/09/06
MySource	MySource Classic Equation Attribute PHP Code Injection	07/09/06
Debian	Debian update for imagemagick	06/09/06
Microsoft	Microsoft Word 2000 Unspecified Code Execution Vulnerability	06/09/06
SUSE	SUSE Update for Multiple Packages	05/09/06
Mailman	Mailman Multiple Vulnerabilities	05/09/06
OpenBSD	OpenBSD update for sppp	05/09/06
TikiWiki	TikiWiki jhot.php File Upload Vulnerability	05/09/06
php-revista	php-revista Multiple Vulnerabilities	05/09/06
Avaya	Avaya Products Linux Kernel Multiple Vulnerabilities	05/09/06
MyBace	MyBace Light Skript File Inclusion Vulnerabilities	05/09/06
vtiger	vtiger CRM Script Insertion and Administrative Modules Access	05/09/06
CR64Loader	CR64Loader ActiveX Control Buffer Overflow Vulnerability	05/09/06
Debian	Debian update for capi4hylafax	04/09/06
Membrepass	Membrepass Multiple Vulnerabilities	04/09/06
YACS	YACS "context[path_to_root]" File Inclusion Vulnerabilities	04/09/06
SnapGear	SnapGear Two Denial of Service Vulnerabilities	04/09/06
Pheap	Pheap "lpref" File Inclusion Vulnerability	04/09/06
Avaya	Avaya Products PHP Multiple Vulnerabilities	04/09/06
Tumbleweed	Tumbleweed EMF ZOO Archive Processing Buffer Overflow	04/09/06
Compression Plus	Compression Plus ZOO Archive Processing Buffer Overflow	04/09/06
Webmin / Usermin	Webmin / Usermin Cross-Site Scripting and Source Code Disclosure	04/09/06
Mandriva	Mandriva update for sendmail	01/09/06
CubeCart	CubeCart Multiple Vulnerabilities	01/09/06
Mandriva	Mandriva update for musicbrainz	01/09/06
Debian	Debian update for sendmail	01/09/06
Imei	MyBB Cross-Site Scripting and Script Insertion Vulnerabilities	01/09/06