Centre for Critical Infrastructure Protection

Home | Vulnerabilities | Vulnerability Alert Archives | December 2006

December 2006

The following table includes the Vulnerability Alerts for the month.

Note: These links reference external sites. CCIP can not accept responsibility for outdated links or such links contents.

Reference	Description	Date
TYPO3	Rtehtmlarea Extension "userUid" Command Execution	22/12/06
TYPO3	"userUid" Command Execution Vulnerability	22/12/06
Secunia	NeoTrace Express/Pro ActiveX Control "TraceTarget()" Buffer Overflow	22/12/06
Ubuntu	Update for mono	22/12/06
Mandriva	Update for mono	22/12/06
Mono	System.Web Source Code Disclosure Vulnerability	22/12/06
Secunia	Valdersoft Shopping Cart "commonIncludePath" File Inclusion	22/12/06
Kolab	Server ClamAV Denial of Service Vulnerability	22/12/06
Hitachi	Directory Server LDAP Multiple Vulnerabilities	22/12/06
Gentoo	Update for imlib2	22/12/06
Secunia	cwmCounter "path" File Inclusion Vulnerability	22/12/06
Secunia	TextSend "ROOT_PATH" File Inclusion Vulnerability	22/12/06
Secunia	phpProfiles Multiple File Inclusion Vulnerabilities	21/12/06
Sun	Java JRE Applet Security Bypass	21/12/06
Secunia	PHP-Update blog.php Multiple Vulnerabilities	21/12/06
Sun	Java JRE Multiple Vulnerabilities	21/12/06
RedHat	Update for firefox	21/12/06
Secunia	Burak Yilmaz Download Portal "id" SQL Injection Vulnerability	21/12/06
RedHat	Update for seamonkey	21/12/06
Secunia	WinFtp Server Data Handling Denial of Service Vulnerability	21/12/06
SUSE	Update for Multiple Packages	21/12/06
Secunia	cwmVote "abs" File Inclusion Vulnerability	21/12/06
RedHat	Update for thunderbird	21/12/06
RedHat	Update for tar	21/12/06
Mozilla	Mozilla Thunderbird Multiple Vulnerabilities	20/12/06
Mozilla	Mozilla SeaMonkey Multiple Vulnerabilities	20/12/06
Secunia	Mozilla Firefox Multiple Vulnerabilities	20/12/06
Secunia	DeepBurner DBR File Parsing Buffer Overflow Vulnerability	20/12/06
Nortel	CallPilot Server Unspecified Vulnerability	20/12/06
Secunia	Azucar CMS "_VIEW" File Inclusion Vulnerability	20/12/06
Secunia	VerliAdmin "q" File Inclusion Vulnerability	20/12/06
Secunia	Intel 2200BG W29N51.SYS Driver Beacon Frame Race Condition	20/12/06
Marathon	Aleph One Denial of Service	20/12/06
Gentoo	Update for clamav	20/12/06
MailEnable	POP Service "PASS" Command Buffer Overflow	19/12/06
McAfee	VirusScan Command Line Scanner Insecure DT_RPATH	19/12/06
Gentoo	Vlnx Insecure DT_RPATH Vulnerability	19/12/06
Secunia	CuteNews AJ-Fork "cutepath" File Inclusion Vulnerability	19/12/06
SUSE	Update for clamav	19/12/06
Secunia	MxBB Portal mx_meeting Module "module_root_path" File Inclusion	19/12/06
IBM	WebSphere Application Server Multiple Vulnerabilities	19/12/06
eyeOS	File Upload Vulnerability	19/12/06
BitDefender	AntiVirus Engine PE File Parsing Buffer Overflow	19/12/06
Debian	Update for sql-ledger	19/12/06
Secunia	MxBB Portal mx_charts Module "module_root_path" File Inclusion	19/12/06
Debian	Update for kernel-source-2.4.27	19/12/06
Trustix	Update for clamav	19/12/06
Debian	Update for clamav	19/12/06
Secunia	ScriptMate User Manager Multiple Vulnerabilities	18/12/06
IBM	WebSphere Application Server Unspecified Vulnerability	18/12/06
Yahoo!	Messenger Unspecified ActiveX Control Buffer Overflow	18/12/06
Avaya	CMS / IR Sun Solaris libXfont Integer Overflow Vulnerability	18/12/06
italkplus	Unspecified Buffer Overflow Vulnerabilities	18/12/06
rPath	Update for libgsf	15/12/06
SUSE	Update for libgsf	15/12/06
Secunia	HyperAccess Two Security Issues	15/12/06
Debian	Update for kernel	15/12/06
Ubuntu	Update for kernel	15/12/06
Enemies Of Carlotta	Shell Command Injection	15/12/06
Secunia	CoolPlayer Skin Long Key Buffer Overflow Vulnerability	15/12/06
Debian	Update for enemies-of-carlotta	15/12/06
Symantec	Veritas Netbackup Multiple Vulnerabilities	15/12/06
Mandriva	Update for clamav	15/12/06
Mandriva	Update for evince	15/12/06
ml_ipod	"readAA()" Buffer Overflow Vulnerability	14/12/06
Secunia	TorrentFlux Multiple Vulnerabilities	14/12/06
OpenLDAP	"krbv4_ldap_auth()" Buffer Overflow Vulnerability	14/12/06
Avaya	PDS HP-UX Secure Shell / OpenSSL Multiple Vulnerabilities	14/12/06
Solaris	OpenSSL Denial of Service Vulnerabilities	14/12/06
Secunia	Kerio MailServer LDAP Query Denial of Service	14/12/06
SUSE	Update for gnupg	14/12/06
Secunia	MxBB Portal mx_newssuite Module "mx_root_path" File Inclusion	14/12/06
Gentoo	Update for f-prot	14/12/06
Sophos	Anti-Virus SIT/CPIO File Processing Vulnerabilities	14/12/06
Secunia	MxBB Portal Knowledge Base/mx_kb Module "module_root_path" FileInclusion	14/12/06
Debian	Update for clamav	14/12/06
Gentoo	Update for libgsf	14/12/06
Secunia	MxBB Portal mx_modsdb Module "module_root_path" File Inclusion	14/12/06
rPath	Update for squirrelmail	14/12/06
rPath	Update for evince	14/12/06
Microsoft	Microsoft Security Bulletin MS06-078 - Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)	13/12/06
Microsoft	Microsoft Security Bulletin MS06-077 - Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)	13/12/06
Microsoft	Microsoft Security Bulletin MS06-076 - Cumulative Security Update for Outlook Express (923694)	13/12/06
Microsoft	Microsoft Security Bulletin MS06-075 - Vulnerability in Windows Could Allow Elevation of Privilege (926255)	13/12/06
Microsoft	Microsoft Security Bulletin MS06-074 - Vulnerability in SNMP Could Allow Remote Code Execution (926247)	13/12/06
Microsoft	Microsoft Security Bulletin MS06-073 - Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674)	13/12/06
Microsoft	Microsoft Security Bulletin MS06-072 - Cumulative Security Update for Internet Explorer (925454)	13/12/06
Secunia	Internet Explorer Script Error Handling Memory Corruption Vunerability	13/12/06
Secunia	Clam AntiVirus Multipart Nestings Denial of Service	13/12/06
Secunia	Adobe ColdFusion MX Cross-Site Scripting Protection Bypass	13/12/06
Secunia	MxBB Portal mx_errordocs Module "module_root_path" File Inclusion	13/12/06
Gentoo	Gentoo update for tar	13/12/06
Gentoo	Gentoo update for emul-linux-x86-baselibs	13/12/06
RedHat	Red Hat Stronghold update for php	13/12/06
Mandriva	Mandriva update for gnupg	13/12/06
Secunia	PhpLeague "cheminmini" File Inclusion Vulnerabilities	12/12/06
Secunia	Messageriescripthp SQL Injection and Cross-Site Scripting	12/12/06
Secunia	IBM WebSphere Host On-Demand Authentication Bypass	12/12/06
Secunia	CM68 News "addpath" Remote File Inclusion Vulnerability	12/12/06
b2evolution	"inc_path" File Inclusion Vulnerability	12/12/06
Drupal	Chatroom Module Session ID Information Disclosure	12/12/06
Secunia	Golden FTP USER Denial of Service Vulnerability	12/12/06
Secunia	KhaledMuratList Database Disclosure Security Issue	12/12/06
Secunia	HR Assist "vdateUsr.asp" SQL Injection Vulnerabilities	12/12/06
Gentoo	Update for mozilla-thunderbird	12/12/06
Gentoo	Update for seamonkey	12/12/06
SUSE	Update for Multiple Packages	12/12/06
WAWI	Multiple Vulnerabilities	12/12/06
Trend Micro	RAR Processing Denial Of Service	12/12/06
Trustix	Update for gnupg and proftpd	12/12/06
Debian	Update for l2tpns	12/12/06
Debian	Update for gnupg	12/12/06
Secunia	KDPics Cross-Site Scripting and File Inclusion Vulnerabilities	12/12/06
Gentoo	Update for gnupg	12/12/06
Gentoo	Update for xine-lib	12/12/06
Gentoo	Update for mozilla-firefox	12/12/06
Microsoft	Word Unspecified Code Execution Vulnerability	12/12/06
Gentoo	Update for libmodplug	12/12/06
Ubuntu	Ubuntu update for gnupg	08/12/06
rPath	rPath update for gnupg	08/12/06
Slackware	Slackware update for gnupg	08/12/06
Red Hat	Red Hat update for mod_auth_kerb	08/12/06
Red Hat	Red Hat update for gnupg	07/12/06
GnuPG	GnuPG OpenPGP Message Decryption Vulnerability	07/12/06
Debian	Debian update for asterisk	07/12/06
FreeBSD	FreeBSD update for gtar	07/12/06
Mandriva	Mandriva update for xine-lib	07/12/06
Barracuda	Barracuda Spam Firewall Buffer Overflow Vulnerability	07/12/06
Citrix	Citrix ICA Client ActiveX Control Heap Overflow Vulnerability	07/12/06
Adobe	Adobe Download Manager AOM Buffer Overflow Vulnerability	07/12/06
Cybsec	SAP Internet Graphics Service Two Vulnerabilities	07/12/06
HP	HP-UX update for Apache	07/12/06
HP	HP-UX update for Secure Shell	07/12/06
Microsoft	Microsoft Word Unspecified Memory Corruption Vulnerability	07/12/06
Debian	Debian update for elinks	07/12/06
Secunia	Mac OS X ftpd Buffer Overflow Vulnerability	06/12/06
Ubuntu	Ubuntu update for xine-lib	06/12/06
Sourceforge	xine-lib libreal and libmms Buffer Overflow Vulnerabilities	06/12/06
Sourceforge	Anna^ IRC Bot SQL Injection Vulnerabilities	06/12/06
Ubuntu	Ubuntu update for libgsf	06/12/06
Debian	Debian update for links	06/12/06
Debian	Debian update for mozilla-thunderbird	05/12/06
Debian	Debian update for mozilla-firefox	05/12/06
Slackware	Slackware update for tar	05/12/06
Secunia	PHP Upload Center "footerpage" and "language" File Inclusion	05/12/06
Mandriva	Mandriva update for ImageMagick	05/12/06
Squirrelmail	SquirrelMail Multiple Cross-Site Scripting Vulnerabilities	05/12/06
Mandriva	Mandriva update for koffice	05/12/06
Slackware	Slackware update for proftpd	05/12/06
Debian	Debian update for mozilla	05/12/06
Debian	Debian update for tar	05/12/06
Ubuntu	Ubuntu update for evince	04/12/06
Mandriva	Mandriva update for GnuPG	04/12/06
Trustix	Trustix update for gnupg and tar	04/12/06
Mandriva	Mandriva update for libgsf	04/12/06
Mandriva	Mandriva update for proftpd	04/12/06
rPath	rPath update for dovecot	04/12/06
Debian	Debian update for proftpd	04/12/06
Gentoo	Gentoo update for proftpd	04/12/06
rPath	rPath update for gnupg	04/12/06
TWiki	TWiki Authentication Bypass Vulnerability	04/12/06
rPath	rPath update for openldap	04/12/06
rPath	rPath update for tar	04/12/06
Debian	Debian update for libgsf	01/12/06
Debian	GNOME Structured File Library "ole_info_read_metabat()" Buffer Overflow	01/12/06
Secunia	Kronolith "view" Local File Inclusion Vulnerability	01/12/06
Ubuntu	Ubuntu update for koffice	01/12/06
Secunia	MailEnable IMAP Service Two Vulnerabilities	01/12/06
Debian	Debian update for texinfo	01/12/06
Secunia	Safari AutoFill Information Disclosure	01/12/06
Ubuntu	Ubuntu update for gnupg	01/12/06

Centre for Critical Infrastructure Protection (CCIP)

Centre for Critical Infrastructure Protection

December 2006