Report an Incident

If you are a CNI organisation and you have encountered or suspect a cyber threat, please complete and return an Incident Reporting Form.

All incident reports provided to the CCIP are treated in the strictest of confidence. Please see our Confidentiality Charter for more details. Read More

New at CCIP

Current e-Bulletin The CCIP e-Bulletin provides a snapshot of security related news
Read More

Centre for Critical Infrastructure Protection

Home | Vulnerabilities | Vulnerability Alert Archives | October 2006

October 2006

The following table includes the Vulnerability Alerts for the month.

Note: These links reference external sites. CCIP can not accept responsibility for outdated links or such links contents.

Reference	Description	Date
SnapGear	SnapGear Multiple Vulnerabilities	31/10/06
Secunia	QnECMS "adminfolderpath" File Inclusion Vulnerabilities	31/10/06
Secunia	Faq Administrator "email" File Inclusion Vulnerability	31/10/06
MDaemon	Server WorldClient Unspecified Vulnerability	31/10/06
Sophos	Anti-Virus Petite Plugin Denial of Service Vulnerability	31/10/06
Sophos	Anti-Virus RAR and CHM Denial of Service Vulnerabilities	31/10/06
Secunia	MiniBILL "config[page_dir]" File Inclusion Vulnerability	31/10/06
Secunia	Internet Explorer 7 Window Injection Vulnerability	31/10/06
SUSE	Update for Multiple Packages	31/10/06
SmartGate	SSL Server Information Disclosure	30/10/06
wvWare	Multiple Integer Overflow Vulnerabilities	30/10/06
Secunia	MiniBB "pathToFiles" File Inclusion Vulnerability	30/10/06
Secunia	Multi-Page Comment System "path" File Inclusion Vulnerabilities	30/10/06
Wireshark	Multiple Denial of Service Vulnerabilities	30/10/06
Secunia	Segue CMS "theme" Local File Inclusion Vulnerabilities	27/10/06
Secunia	MDweb "chemin_appli" File Inclusion Vulnerabilities	27/10/06
Secunia	Discuz! GBK "cdb_auth" SQL Injection Vulnerability	27/10/06
Cisco	Security Agent for Linux Port Scan Denial of Service	27/10/06
Slackware	Update for Qt	27/10/06
IBM	HMC Apache2 / OpenSSL Vulnerabilities	27/10/06
AOL	YGPPDownload ActiveX Control Buffer Overflows	27/10/06
SUSE	Update for Qt	27/10/06
Blue Coat	RSA Signature Vulnerability	27/10/06
Avaya	CMS Sun Solaris IPv6 Denial of Service	27/10/06
Sun	Java System Messaging Server Webmail Script Insertion	26/10/06
Gentoo	Update for openssl	26/10/06
Debian	Update for webmin	26/10/06
Gentoo	Update for mod_tcl	26/10/06
Gentoo	Update for clamav	26/10/06
desknet	Unspecified Buffer Overflow Vulnerability	25/10/06
GraphicsMagick	PALM and DCM Buffer Overflows	25/10/06
Secunia	QK SMTP Server "RCPT TO:" Buffer Overflow Vulnerability	25/10/06
ImageMagick	PALM and DCM Buffer Overflows	25/10/06
CruiseWorks	Directory Traversal and Buffer Overflow Vulnerabilities	25/10/06
Wiclear	"path" File Inclusion Vulnerabilities	25/10/06
Secunia	Der Dirigent "cfg_dedi[dedi_path]" File Inclusion Vulnerabilities	25/10/06
Secunia	2BGal "path" Local File Inclusion Vulnerabilities	25/10/06
Debian	Update for python2.3	25/10/06
Ubuntu	Update for Qt	25/10/06
Secunia	Trawler Web CMS Multiple File Inclusion Vulnerabilities	24/10/06
Secunia	PHP-Nuke "eid" SQL Injection Vulnerability	24/10/06
Red Hat	Red Hat update for kernel	24/10/06
Secunia	Open Meetings Filing Application "PROJECT_ROOT" File Inclusion	24/10/06
Secunia	Virtual Law Office "phpc_root_path" File Inclusion Vulnerabilities	24/10/06
Secunia	castor "rootpath" File Inclusion Vulnerabilities	24/10/06
Debian	Debian update for python2.4	24/10/06
Avaya	Avaya Products PHP Multiple Vulnerabilites	24/10/06
Avaya	Avaya Products PHP "_ecalloc" Integer Overflow Vulnerability	24/10/06
Debian	Debian update for clamav	24/10/06
Gentoo	Gentoo update for libmusicbrainz	24/10/06
SUSE	SUSE update for openssh	24/10/06
Kolab	Kolab Server ClamAV CHM Unpacker and PE Rebuilding Vulnerabilities	24/10/06
Secunia	AirMagnet Enterprise Multiple Vulnerabilities	24/10/06
Secunia	OpenDock Full Core "doc_directory" File Inclusion Vulnerabilities	24/10/06
Secunia	Segue CMS "themesdir" File Inclusion Vulnerability	24/10/06
Spurceforge	Segue CMS SQL Injection Vulnerabilities	24/10/06
Symantec	Symantec Mail Security for Domino Mail Relaying Vulnerability	24/10/06
SGI	SGI Advanced Linux Environment Multiple Updates	24/10/06
Asterisk	Asterisk Cisco SCCP "chan_skinny" Integer Overflow Vulnerability	24/10/06
SUSE	SUSE update for opera	24/10/06
Mandriva	Mandriva update for kdelibs	24/10/06
Secunia	Ingo Folder Name Shell Command Injection Vulnerability	24/10/06
Microsoft	Updated Security Bulletin MS06-061: Vulnerabilities in Microsoft XML Core Services	20/10/06
Qt Pixmap	Image Handling Integer Overflow Vulnerability	20/10/06
XORP	OSPF Link State Advertisements Denial of Service	20/10/06
Secunia	Comdev Forum "path[docroot]" File Inclusion	20/10/06
LoCal	Calendar System "LIBDIR" File Inclusion Vulnerability	20/10/06
rPath	Update for kdelibs	20/10/06
Secunia	Comdev Form Designer "path[docroot]" File Inclusion	20/10/06
Red Hat	Update for kdelibs	20/10/06
Secunia	Comdev Web Blogger "path[docroot]" File Inclusion	20/10/06
WIMS	Data Manipulation Vulnerability	20/10/06
SUSE	Update for clamav	20/10/06
Debian	Update for openssl096	20/10/06
phpPowerCards	"txt.inc.php" PHP Code Injection	20/10/06
Secunia	Comdev Misc Tools "path[docroot]" File Inclusion	20/10/06
Ubuntu	Update for pike	20/10/06
Php	Php AMX "plug_path" File Inclusion Vulnerability	19/10/06
PMB	PMB Multiple Vulnerabilities	19/10/06
Trustix	Trustix Updates for Multiple Packages	19/10/06
Oracle	Oracle Products Multiple Vulnerabilities	19/10/06
Opera	Opera Web Browser URL Handling Buffer Overflow Vulnerability	19/10/06
Gentoo	Gentoo update for capi4hylafax	19/10/06
Mandriva	Mandriva update for libksba	19/10/06
Mandriva	Mandriva update for clamav	19/10/06
phpBB	phpBB News Defilante Horizontale "phpbb_root_path" File Inclusion	19/10/06
Gentoo	Gentoo update for python	19/10/06
Toshiba	Toshiba Bluetooth Stack Memory Corruption Vulnerability	18/10/06
WoltLab	WoltLab Burning Book SQL Injection and "eval()" Injection	18/10/06
Ubuntu	Ubuntu update for libksba	18/10/06
NVIDIA	NVIDIA Binary Graphics Driver for Linux Buffer Overflow Vulnerability	18/10/06
Avaya	Avaya Products Firefox Multiple Vulnerabilities	18/10/06
Asbru	Asbru Web Content Editor Shell Command Injection	18/10/06
PHPRecipeBook	PHPRecipeBook "g_rb_basedir" File Inclusion Vulnerability	18/10/06
Avaya	Avaya Products PHP Multiple Vulnerabilities	17/10/06
Open Conference	Open Conference Systems "fullpath" File Inclusion Vulnerability	17/10/06
Gentoo	Gentoo update for seamonkey	17/10/06
Avaya	Avaya Products Linux Kernel Multiple Vulnerabilities	17/10/06
Avaya	Avaya Products gzip Multiple Vulnerabilities	17/10/06
Bugzilla	Bugzilla Multiple Vulnerabilities	17/10/06
Clam AntiVirus	Clam AntiVirus CHM Unpacker and PE Rebuilding Vulnerabilities	17/10/06
Apache	Apache HTTP Server mod_tcl Format String Vulnerabilities	17/10/06
Avaya	Avaya Products Wireshark Multiple Vulnerabilities	16/10/06
Secunia	Redaction System "lang_prefix" File Inclusion Vulnerabilities	16/10/06
Avaya	Avaya Products OpenSSL Multiple Vulnerabilities	16/10/06
Secunia	phpht Topsites "phpht_real_path" File Inclusion Vulnerability	16/10/06
Secunia	MailEnable NTLM and Information Disclosure Vulnerabilities	16/10/06
Secunia	miniBB Keyword Replacer "pathToFiles" File Inclusion Vulnerability	16/10/06
Secunia	Download-Engine "spaw_root" File Inclusion Vulnerability	16/10/06
Microsoft	PowerPoint Unspecified Code Execution Vulnerability	16/10/06
Secunia	phpBB SpamBlockerMod "phpbb_root_path" File Inclusion Vulnerability	16/10/06
Secunia	Journals System "phpbb_root_path" File Inclusion Vulnerability	16/10/06
OpenBSD	OpenBSD update for OpenSSH	13/10/06
Sun	Sun Solaris Apache "mod_rewrite" and "mod_imap" Vulnerabilities	13/10/06
Sun	Sun Solaris update for Apache 2	13/10/06
PHP	PHP News Reader "CFG[auth_phpbb_path]" File Inclusion	13/10/06
Minichat	Minichat "mostrar" File Inclusion Vulnerability	13/10/06
Ubuntu	Ubuntu update for libmusicbrainz	13/10/06
Adobe	Macromedia Breeze URL Parsing Information Disclosure	12/10/06
Novell	Novell BorderManager VPN Denial of Service Vulnerability	12/10/06
IBM	IBM WebSphere Application Server Three Vulnerabilities	12/10/06
Sun Solaris	Sun Solaris Sendmail Long Header Denial of Service	12/10/06
Avaya	Avaya Products OpenSSH Multiple Vulnerabilities	12/10/06
Avaya	Avaya PDS HP-UX Ignite-UX Server Unspecified Vulnerability	12/10/06
Mandriva	Mandriva update for python	12/10/06
rPath	rPath update for idle and python	12/10/06
Ubuntu	Ubuntu update for php4 and php5	12/10/06
Ubuntu	Ubuntu update for mozilla	12/10/06
Microsoft	MS06-062: Microsoft Office Multiple Code Execution Vulnerabilities	11/10/06
Microsoft	MS06-061: Microsoft XML Core Services Information Disclosure and Code Execution	11/10/06
Microsoft	MS06-060: Microsoft Word Document Handling Command Execution Vulnerabilities	11/10/06
Microsoft	MS06-059: Microsoft Excel Document Handling Command Execution Vulnerabilities	11/10/06
Microsoft	MS06-058: Microsoft PowerPoint File Handling Command Execution Vulnerabilities	11/10/06
Microsoft	MS06-057: Microsoft Windows Explorer Could Allow Remote Execution	11/10/06
SUSE	SUSE updates for php4 and php5	11/10/06
WebYep	WebYep "webyep_sIncludePath" File Inclusion Vulnerabilities	11/10/06
Sourceforge	Etomite Unspecified SQL Injection Vulnerability	11/10/06
US-CERT	AOL YGP ActiveX Controls Buffer Overflow Vulnerabilities	11/10/06
Red Hat	Red Hat update for python	11/10/06
Debian	Debian update for libwmf	11/10/06
Debian	Debian update for xfree86	11/10/06
SUSE	SUSE updates for openssh, openssl, and bind9	10/10/06
Secunia	Moodle "tag" SQL Injection Vulnerability	10/10/06
OpenBSD	OpenBSD update for OpenSSL	10/10/06
Secunia	phpBB User Viewed Posts Tracker "phpbb_root_path" File Inclusion	10/10/06
Sourceforge	Python "repr()" Unicode String Buffer Overflow Vulnerability	09/10/06
Ubuntu	Ubuntu update for python	09/10/06
Trustix	Trustix Updates for Multiple Packages	09/10/06
Red Hat	Red Hat update for kernel	09/10/06
Secunia	SHTTPD HTTP Request Buffer Overflow Vulnerability	09/10/06
Serv-U	Serv-U FTP Server OpenSSL Multiple Vulnerabilities	09/10/06
Debian	Debian update for mozilla	09/10/06
Kernel	Linux Kernel Denial of Service Vulnerabilities	09/10/06
rPath	rPath update for php	09/10/06
Gentoo	Update for mozilla-thunderbird	06/10/06
Debian	Update for openssh-krb5	06/10/06
Gentoo	Update for netscape-flash	06/10/06
Secunia	phpBB Nivisec Static Topics "phpbb_root_path" File Inclusion	06/10/06
Xerox	ESS/ Network Controller and MicroServer "WebUI" Vulnerability	06/10/06
Debian	Update for mozilla-thunderbird	06/10/06
Ubuntu	Update for firefox	05/10/06
Secunia	phpMyProfiler "pmp_rel_path" File Inclusion Vulnerability	05/10/06
Secunia	Travelsized CMS "setup_folder" File Inclusion Vulnerability	05/10/06
IBM	Rational RequisitePro OpenSSL Vulnerability	05/10/06
Mandriva	Update for openssh	05/10/06
Kolab	Kolab Server Multiple Vulnerabilities	05/10/06
Mandriva	Update for ntp	04/10/06
Ubuntu	Update for openssh	04/10/06
Mandriva	Update for openssl	04/10/06
HP-UX	Ignite-UX Server Unspecified Vulnerability	04/10/06
Secunia	Minerva "phpbb_root_path" File Inclusion Vulnerability	04/10/06
HAMWeather	"do_parse_code" Command Injection Vulnerability	04/10/06
Drupal	IMCE Module Multiple Vulnerabilities	04/10/06
Secunia	BBaCE "phpbb_root_path" File Inclusion	04/10/06
Skype	URI Argument Handling Format String Vulnerability	04/10/06
Secunia	Forum82 "repertorylevel" File Inclusion Vulnerabilities	03/10/06
Secunia	VideoDB "config[pdf_module]" File Inclusion Vulnerability	03/10/06
Secunia	AllMyGuests "_AMGconfig[cfg_serverpath]" File Inclusion	03/10/06
Secunia	BasiliX "BSX_LIBDIR" File Inclusion Vulnerabilities	03/10/06
Mailenable	Mulitple Vulnerabilities	03/10/06
Openvpn	Multiple Vulnerabilities	03/10/06
Trustix	Updates for openssh and openssl	03/10/06
Slackware	Update for openssh	03/10/06
FreeBSD	Update for openssh	03/10/06
Filezilla	Server Multiple Vulnerabilities	03/10/06
Secunia	PowerPortal "file_name[]" File Inclusion Vulnerability	03/10/06
rPath	Update for openssl	03/10/06
Debian	Update for openssl	03/10/06
Redhat	Update for openssh	03/10/06
FreeBSD	Update for openssl	03/10/06
Ubuntu	Update for openssl	03/10/06
Apple	Mac OS X Security Update Fixes Multiple Vulnerabilities	03/10/06
Slackware	Update for openssl	03/10/06
Gentoo	Update for dokuwiki	03/10/06
Gentoo	Update for mozilla-firefox	03/10/06
Mandriva	Update for ffmpeg	03/10/06
Secunia	FFmpeg Multiple Buffer Overflow Vulnerabilities	03/10/06
Secunia	xine-lib FFmpeg Multiple Buffer Overflow Vulnerabilities	03/10/06
Secunia	MPlayer FFmpeg Multiple Buffer Overflow Vulnerabilities	03/10/06
Mandriva	Update for xine-lib	03/10/06
Secunia	GStreamer FFmpeg Plug-in Multiple Buffer Overflows	03/10/06
Mandriva	Update for mplayer	03/10/06
Mandriva	Update for gstreamer-ffmpeg	03/10/06
Secunia	TagIt! Tagboard "page" File Inclusion Vulnerability	03/10/06
PHProjekt	File Inclusion Vulnerabilities	03/10/06
Suse	Update for openssl	03/10/06
Secunia	DokuWiki Denial of Service and Command Injection	03/10/06
Mandriva	Update for libmusicbrainz	03/10/06
Secunia	Joomla BSQ Sitestats Component Multiple Vulnerabilities	03/10/06
Secunia	phpBB XS "phpbb_root_path" File Inclusion Vulnerability	03/10/06
Secunia	Skrypty KGB "engine" File Inclusion Vulnerability	03/10/06
Secunia	Skrypty PPA Gallery "config[ppa_root_path]" File Inclusion	03/10/06
Openssh	Signal Handling Vulnerability	03/10/06
rPath	Update for openssl	03/10/06
Redhat	Update for openssl	03/10/06
Secunia	phpMyWebmin File Inclusion and Information Disclosure	03/10/06
Secunia	NaviCOPA "GET" Buffer Overflow Vulnerability	03/10/06
Secunia	Comdev FAQ Support "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev Events Calendar "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev Photo Gallery "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev News Publisher "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev Web Blogger "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev CSV Importer "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev Guestbook "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev Newsletter "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev Links Directory "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev eCommerce "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev Customer Helpdesk "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev Contact Form "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev Vote Caster "path[docroot]" Parameter File Inclusion	03/10/06