Centre for Critical Infrastructure Protection

Home | Vulnerabilities | Vulnerability Alert Archives | October 2006

October 2006

The following table includes the Vulnerability Alerts for the month.

Note: These links reference external sites. CCIP can not accept responsibility for outdated links or such links contents.

Reference	Description	Date
SnapGear	SnapGear Multiple Vulnerabilities	31/10/06
Secunia	QnECMS "adminfolderpath" File Inclusion Vulnerabilities	31/10/06
Secunia	Faq Administrator "email" File Inclusion Vulnerability	31/10/06
MDaemon	Server WorldClient Unspecified Vulnerability	31/10/06
Sophos	Anti-Virus Petite Plugin Denial of Service Vulnerability	31/10/06
Sophos	Anti-Virus RAR and CHM Denial of Service Vulnerabilities	31/10/06
Secunia	MiniBILL "config[page_dir]" File Inclusion Vulnerability	31/10/06
Secunia	Internet Explorer 7 Window Injection Vulnerability	31/10/06
SUSE	Update for Multiple Packages	31/10/06
SmartGate	SSL Server Information Disclosure	30/10/06
wvWare	Multiple Integer Overflow Vulnerabilities	30/10/06
Secunia	MiniBB "pathToFiles" File Inclusion Vulnerability	30/10/06
Secunia	Multi-Page Comment System "path" File Inclusion Vulnerabilities	30/10/06
Wireshark	Multiple Denial of Service Vulnerabilities	30/10/06
Secunia	Segue CMS "theme" Local File Inclusion Vulnerabilities	27/10/06
Secunia	MDweb "chemin_appli" File Inclusion Vulnerabilities	27/10/06
Secunia	Discuz! GBK "cdb_auth" SQL Injection Vulnerability	27/10/06
Cisco	Security Agent for Linux Port Scan Denial of Service	27/10/06
Slackware	Update for Qt	27/10/06
IBM	HMC Apache2 / OpenSSL Vulnerabilities	27/10/06
AOL	YGPPDownload ActiveX Control Buffer Overflows	27/10/06
SUSE	Update for Qt	27/10/06
Blue Coat	RSA Signature Vulnerability	27/10/06
Avaya	CMS Sun Solaris IPv6 Denial of Service	27/10/06
Sun	Java System Messaging Server Webmail Script Insertion	26/10/06
Gentoo	Update for openssl	26/10/06
Debian	Update for webmin	26/10/06
Gentoo	Update for mod_tcl	26/10/06
Gentoo	Update for clamav	26/10/06
desknet	Unspecified Buffer Overflow Vulnerability	25/10/06
GraphicsMagick	PALM and DCM Buffer Overflows	25/10/06
Secunia	QK SMTP Server "RCPT TO:" Buffer Overflow Vulnerability	25/10/06
ImageMagick	PALM and DCM Buffer Overflows	25/10/06
CruiseWorks	Directory Traversal and Buffer Overflow Vulnerabilities	25/10/06
Wiclear	"path" File Inclusion Vulnerabilities	25/10/06
Secunia	Der Dirigent "cfg_dedi[dedi_path]" File Inclusion Vulnerabilities	25/10/06
Secunia	2BGal "path" Local File Inclusion Vulnerabilities	25/10/06
Debian	Update for python2.3	25/10/06
Ubuntu	Update for Qt	25/10/06
Secunia	Trawler Web CMS Multiple File Inclusion Vulnerabilities	24/10/06
Secunia	PHP-Nuke "eid" SQL Injection Vulnerability	24/10/06
Red Hat	Red Hat update for kernel	24/10/06
Secunia	Open Meetings Filing Application "PROJECT_ROOT" File Inclusion	24/10/06
Secunia	Virtual Law Office "phpc_root_path" File Inclusion Vulnerabilities	24/10/06
Secunia	castor "rootpath" File Inclusion Vulnerabilities	24/10/06
Debian	Debian update for python2.4	24/10/06
Avaya	Avaya Products PHP Multiple Vulnerabilites	24/10/06
Avaya	Avaya Products PHP "_ecalloc" Integer Overflow Vulnerability	24/10/06
Debian	Debian update for clamav	24/10/06
Gentoo	Gentoo update for libmusicbrainz	24/10/06
SUSE	SUSE update for openssh	24/10/06
Kolab	Kolab Server ClamAV CHM Unpacker and PE Rebuilding Vulnerabilities	24/10/06
Secunia	AirMagnet Enterprise Multiple Vulnerabilities	24/10/06
Secunia	OpenDock Full Core "doc_directory" File Inclusion Vulnerabilities	24/10/06
Secunia	Segue CMS "themesdir" File Inclusion Vulnerability	24/10/06
Spurceforge	Segue CMS SQL Injection Vulnerabilities	24/10/06
Symantec	Symantec Mail Security for Domino Mail Relaying Vulnerability	24/10/06
SGI	SGI Advanced Linux Environment Multiple Updates	24/10/06
Asterisk	Asterisk Cisco SCCP "chan_skinny" Integer Overflow Vulnerability	24/10/06
SUSE	SUSE update for opera	24/10/06
Mandriva	Mandriva update for kdelibs	24/10/06
Secunia	Ingo Folder Name Shell Command Injection Vulnerability	24/10/06
Microsoft	Updated Security Bulletin MS06-061: Vulnerabilities in Microsoft XML Core Services	20/10/06
Qt Pixmap	Image Handling Integer Overflow Vulnerability	20/10/06
XORP	OSPF Link State Advertisements Denial of Service	20/10/06
Secunia	Comdev Forum "path[docroot]" File Inclusion	20/10/06
LoCal	Calendar System "LIBDIR" File Inclusion Vulnerability	20/10/06
rPath	Update for kdelibs	20/10/06
Secunia	Comdev Form Designer "path[docroot]" File Inclusion	20/10/06
Red Hat	Update for kdelibs	20/10/06
Secunia	Comdev Web Blogger "path[docroot]" File Inclusion	20/10/06
WIMS	Data Manipulation Vulnerability	20/10/06
SUSE	Update for clamav	20/10/06
Debian	Update for openssl096	20/10/06
phpPowerCards	"txt.inc.php" PHP Code Injection	20/10/06
Secunia	Comdev Misc Tools "path[docroot]" File Inclusion	20/10/06
Ubuntu	Update for pike	20/10/06
Php	Php AMX "plug_path" File Inclusion Vulnerability	19/10/06
PMB	PMB Multiple Vulnerabilities	19/10/06
Trustix	Trustix Updates for Multiple Packages	19/10/06
Oracle	Oracle Products Multiple Vulnerabilities	19/10/06
Opera	Opera Web Browser URL Handling Buffer Overflow Vulnerability	19/10/06
Gentoo	Gentoo update for capi4hylafax	19/10/06
Mandriva	Mandriva update for libksba	19/10/06
Mandriva	Mandriva update for clamav	19/10/06
phpBB	phpBB News Defilante Horizontale "phpbb_root_path" File Inclusion	19/10/06
Gentoo	Gentoo update for python	19/10/06
Toshiba	Toshiba Bluetooth Stack Memory Corruption Vulnerability	18/10/06
WoltLab	WoltLab Burning Book SQL Injection and "eval()" Injection	18/10/06
Ubuntu	Ubuntu update for libksba	18/10/06
NVIDIA	NVIDIA Binary Graphics Driver for Linux Buffer Overflow Vulnerability	18/10/06
Avaya	Avaya Products Firefox Multiple Vulnerabilities	18/10/06
Asbru	Asbru Web Content Editor Shell Command Injection	18/10/06
PHPRecipeBook	PHPRecipeBook "g_rb_basedir" File Inclusion Vulnerability	18/10/06
Avaya	Avaya Products PHP Multiple Vulnerabilities	17/10/06
Open Conference	Open Conference Systems "fullpath" File Inclusion Vulnerability	17/10/06
Gentoo	Gentoo update for seamonkey	17/10/06
Avaya	Avaya Products Linux Kernel Multiple Vulnerabilities	17/10/06
Avaya	Avaya Products gzip Multiple Vulnerabilities	17/10/06
Bugzilla	Bugzilla Multiple Vulnerabilities	17/10/06
Clam AntiVirus	Clam AntiVirus CHM Unpacker and PE Rebuilding Vulnerabilities	17/10/06
Apache	Apache HTTP Server mod_tcl Format String Vulnerabilities	17/10/06
Avaya	Avaya Products Wireshark Multiple Vulnerabilities	16/10/06
Secunia	Redaction System "lang_prefix" File Inclusion Vulnerabilities	16/10/06
Avaya	Avaya Products OpenSSL Multiple Vulnerabilities	16/10/06
Secunia	phpht Topsites "phpht_real_path" File Inclusion Vulnerability	16/10/06
Secunia	MailEnable NTLM and Information Disclosure Vulnerabilities	16/10/06
Secunia	miniBB Keyword Replacer "pathToFiles" File Inclusion Vulnerability	16/10/06
Secunia	Download-Engine "spaw_root" File Inclusion Vulnerability	16/10/06
Microsoft	PowerPoint Unspecified Code Execution Vulnerability	16/10/06
Secunia	phpBB SpamBlockerMod "phpbb_root_path" File Inclusion Vulnerability	16/10/06
Secunia	Journals System "phpbb_root_path" File Inclusion Vulnerability	16/10/06
OpenBSD	OpenBSD update for OpenSSH	13/10/06
Sun	Sun Solaris Apache "mod_rewrite" and "mod_imap" Vulnerabilities	13/10/06
Sun	Sun Solaris update for Apache 2	13/10/06
PHP	PHP News Reader "CFG[auth_phpbb_path]" File Inclusion	13/10/06
Minichat	Minichat "mostrar" File Inclusion Vulnerability	13/10/06
Ubuntu	Ubuntu update for libmusicbrainz	13/10/06
Adobe	Macromedia Breeze URL Parsing Information Disclosure	12/10/06
Novell	Novell BorderManager VPN Denial of Service Vulnerability	12/10/06
IBM	IBM WebSphere Application Server Three Vulnerabilities	12/10/06
Sun Solaris	Sun Solaris Sendmail Long Header Denial of Service	12/10/06
Avaya	Avaya Products OpenSSH Multiple Vulnerabilities	12/10/06
Avaya	Avaya PDS HP-UX Ignite-UX Server Unspecified Vulnerability	12/10/06
Mandriva	Mandriva update for python	12/10/06
rPath	rPath update for idle and python	12/10/06
Ubuntu	Ubuntu update for php4 and php5	12/10/06
Ubuntu	Ubuntu update for mozilla	12/10/06
Microsoft	MS06-062: Microsoft Office Multiple Code Execution Vulnerabilities	11/10/06
Microsoft	MS06-061: Microsoft XML Core Services Information Disclosure and Code Execution	11/10/06
Microsoft	MS06-060: Microsoft Word Document Handling Command Execution Vulnerabilities	11/10/06
Microsoft	MS06-059: Microsoft Excel Document Handling Command Execution Vulnerabilities	11/10/06
Microsoft	MS06-058: Microsoft PowerPoint File Handling Command Execution Vulnerabilities	11/10/06
Microsoft	MS06-057: Microsoft Windows Explorer Could Allow Remote Execution	11/10/06
SUSE	SUSE updates for php4 and php5	11/10/06
WebYep	WebYep "webyep_sIncludePath" File Inclusion Vulnerabilities	11/10/06
Sourceforge	Etomite Unspecified SQL Injection Vulnerability	11/10/06
US-CERT	AOL YGP ActiveX Controls Buffer Overflow Vulnerabilities	11/10/06
Red Hat	Red Hat update for python	11/10/06
Debian	Debian update for libwmf	11/10/06
Debian	Debian update for xfree86	11/10/06
SUSE	SUSE updates for openssh, openssl, and bind9	10/10/06
Secunia	Moodle "tag" SQL Injection Vulnerability	10/10/06
OpenBSD	OpenBSD update for OpenSSL	10/10/06
Secunia	phpBB User Viewed Posts Tracker "phpbb_root_path" File Inclusion	10/10/06
Sourceforge	Python "repr()" Unicode String Buffer Overflow Vulnerability	09/10/06
Ubuntu	Ubuntu update for python	09/10/06
Trustix	Trustix Updates for Multiple Packages	09/10/06
Red Hat	Red Hat update for kernel	09/10/06
Secunia	SHTTPD HTTP Request Buffer Overflow Vulnerability	09/10/06
Serv-U	Serv-U FTP Server OpenSSL Multiple Vulnerabilities	09/10/06
Debian	Debian update for mozilla	09/10/06
Kernel	Linux Kernel Denial of Service Vulnerabilities	09/10/06
rPath	rPath update for php	09/10/06
Gentoo	Update for mozilla-thunderbird	06/10/06
Debian	Update for openssh-krb5	06/10/06
Gentoo	Update for netscape-flash	06/10/06
Secunia	phpBB Nivisec Static Topics "phpbb_root_path" File Inclusion	06/10/06
Xerox	ESS/ Network Controller and MicroServer "WebUI" Vulnerability	06/10/06
Debian	Update for mozilla-thunderbird	06/10/06
Ubuntu	Update for firefox	05/10/06
Secunia	phpMyProfiler "pmp_rel_path" File Inclusion Vulnerability	05/10/06
Secunia	Travelsized CMS "setup_folder" File Inclusion Vulnerability	05/10/06
IBM	Rational RequisitePro OpenSSL Vulnerability	05/10/06
Mandriva	Update for openssh	05/10/06
Kolab	Kolab Server Multiple Vulnerabilities	05/10/06
Mandriva	Update for ntp	04/10/06
Ubuntu	Update for openssh	04/10/06
Mandriva	Update for openssl	04/10/06
HP-UX	Ignite-UX Server Unspecified Vulnerability	04/10/06
Secunia	Minerva "phpbb_root_path" File Inclusion Vulnerability	04/10/06
HAMWeather	"do_parse_code" Command Injection Vulnerability	04/10/06
Drupal	IMCE Module Multiple Vulnerabilities	04/10/06
Secunia	BBaCE "phpbb_root_path" File Inclusion	04/10/06
Skype	URI Argument Handling Format String Vulnerability	04/10/06
Secunia	Forum82 "repertorylevel" File Inclusion Vulnerabilities	03/10/06
Secunia	VideoDB "config[pdf_module]" File Inclusion Vulnerability	03/10/06
Secunia	AllMyGuests "_AMGconfig[cfg_serverpath]" File Inclusion	03/10/06
Secunia	BasiliX "BSX_LIBDIR" File Inclusion Vulnerabilities	03/10/06
Mailenable	Mulitple Vulnerabilities	03/10/06
Openvpn	Multiple Vulnerabilities	03/10/06
Trustix	Updates for openssh and openssl	03/10/06
Slackware	Update for openssh	03/10/06
FreeBSD	Update for openssh	03/10/06
Filezilla	Server Multiple Vulnerabilities	03/10/06
Secunia	PowerPortal "file_name[]" File Inclusion Vulnerability	03/10/06
rPath	Update for openssl	03/10/06
Debian	Update for openssl	03/10/06
Redhat	Update for openssh	03/10/06
FreeBSD	Update for openssl	03/10/06
Ubuntu	Update for openssl	03/10/06
Apple	Mac OS X Security Update Fixes Multiple Vulnerabilities	03/10/06
Slackware	Update for openssl	03/10/06
Gentoo	Update for dokuwiki	03/10/06
Gentoo	Update for mozilla-firefox	03/10/06
Mandriva	Update for ffmpeg	03/10/06
Secunia	FFmpeg Multiple Buffer Overflow Vulnerabilities	03/10/06
Secunia	xine-lib FFmpeg Multiple Buffer Overflow Vulnerabilities	03/10/06
Secunia	MPlayer FFmpeg Multiple Buffer Overflow Vulnerabilities	03/10/06
Mandriva	Update for xine-lib	03/10/06
Secunia	GStreamer FFmpeg Plug-in Multiple Buffer Overflows	03/10/06
Mandriva	Update for mplayer	03/10/06
Mandriva	Update for gstreamer-ffmpeg	03/10/06
Secunia	TagIt! Tagboard "page" File Inclusion Vulnerability	03/10/06
PHProjekt	File Inclusion Vulnerabilities	03/10/06
Suse	Update for openssl	03/10/06
Secunia	DokuWiki Denial of Service and Command Injection	03/10/06
Mandriva	Update for libmusicbrainz	03/10/06
Secunia	Joomla BSQ Sitestats Component Multiple Vulnerabilities	03/10/06
Secunia	phpBB XS "phpbb_root_path" File Inclusion Vulnerability	03/10/06
Secunia	Skrypty KGB "engine" File Inclusion Vulnerability	03/10/06
Secunia	Skrypty PPA Gallery "config[ppa_root_path]" File Inclusion	03/10/06
Openssh	Signal Handling Vulnerability	03/10/06
rPath	Update for openssl	03/10/06
Redhat	Update for openssl	03/10/06
Secunia	phpMyWebmin File Inclusion and Information Disclosure	03/10/06
Secunia	NaviCOPA "GET" Buffer Overflow Vulnerability	03/10/06
Secunia	Comdev FAQ Support "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev Events Calendar "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev Photo Gallery "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev News Publisher "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev Web Blogger "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev CSV Importer "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev Guestbook "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev Newsletter "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev Links Directory "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev eCommerce "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev Customer Helpdesk "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev Contact Form "path[docroot]" Parameter File Inclusion	03/10/06
Secunia	Comdev Vote Caster "path[docroot]" Parameter File Inclusion	03/10/06

Centre for Critical Infrastructure Protection (CCIP)

Centre for Critical Infrastructure Protection

October 2006