
January 2007

The following table includes the Vulnerability Alerts for the month.
Note: These links reference external sites. CCIP cannot accept responsibility for outdated links or for the content of such links.
| Reference | Description | Date |
|---|---|---|
| MAXdev | MD-Pro "startrow" SQL Injection Vulnerability | 31/01/07 |
| Drupal | Comment Preview Arbitrary Code Execution | 31/01/07 |
| SUSE | Update for Multiple Packages | 30/01/07 |
| SECUNIA | IBM AIX Mail Services Authentication Vulnerability | 30/01/07 |
| DEBIAN | Update for vlc | 30/01/07 |
| SUN | Solaris FreeType Integer Overflow and Underflow Vulnerabilities | 30/01/07 |
| Gentoo | Gentoo update for vlc | 29/01/07 |
| Gentoo | Gentoo update for cacti | 29/01/07 |
| Secunia | Xero Portal "phpbb_root_path" File Inclusion Vulnerability | 29/01/07 |
| Debian | Debian update for cacti | 29/01/07 |
| Secunia | Virtual Path for phpBB "phpbb_root_path" File Inclusion | 29/01/07 |
| Secunia | Microsoft Word Unspecified Code Execution Vulnerability | 29/01/07 |
| ASP | Edge "user" SQL Injection Vulnerability | 26/01/07 |
| Gentoo | update for mit-krb5 | 26/01/07 |
| Avaya | Products tar "GNUTYPES_NAMES" Record Type Security Issue | 26/01/07 |
| SGI | Advanced Linux Environment Multiple Updates | 26/01/07 |
| Cisco | IOS Multiple Vulnerabilities | 26/01/07 |
| HP-UX | update for Apache | 26/01/07 |
| Citrix | Presentation Server Print Provider Buffer Overflow Vulnerability | 26/01/07 |
| Shopping Basket | Professional Command Injection | 26/01/07 |
| CDBurnerXP | Pro NCTAudioFile2 ActiveX Control Buffer Overflow | 25/01/07 |
| Aurora | Media Workshop NCTAudioFile2 ActiveX Control Buffer Overflow | 25/01/07 |
| McFunSoft | Products NCTAudioFile2 ActiveX Control Buffer Overflow | 25/01/07 |
| Sami | HTTP Server Connection Handling Denial of Service | 25/01/07 |
| Power | Audio Editor NCTAudioFile2 ActiveX Control Buffer Overflow | 25/01/07 |
| MP3 | Normalizer NCTAudioFile2 ActiveX Control Buffer Overflow | 25/01/07 |
| NCTsoft | Products NCTAudioFile2 ActiveX Control Buffer Overflow | 25/01/07 |
| Sienzo | Digital Music Mentor NCTAudioFile2 ActiveX Control Buffer Overflow | 25/01/07 |
| Quikscribe | Products NCTAudioFile2 ActiveX Control Buffer Overflow | 25/01/07 |
| Mystik | Media Products NCTAudioFile2 ActiveX Control Buffer Overflow | 25/01/07 |
| NextLevel | Systems Products NCTAudioFile2 ActiveX Control Buffer Overflow | 25/01/07 |
| Roemer | Software Products NCTAudioFile2 ActiveX Control Buffer Overflow | 25/01/07 |
| BBClone | "BBC_LIB_PATH" File Inclusion Vulnerability | 25/01/07 |
| AWFFull | Unspecified Buffer Overflows | 25/01/07 |
| Linux-PAM | Login Bypass Security Vulnerability | 25/01/07 |
| phpXMLDOM | "path" File Inclusion Vulnerabilities | 25/01/07 |
| PHP | Link Directory "URL" Script Insertion Vulnerability | 25/01/07 |
| FreeWebShop.org | "lang_file" File Inclusion Vulnerability | 25/01/07 |
| MaklerPlus | Unspecified Vulnerabilities | 25/01/07 |
| BrightStor | ARCserve Backup for Laptops & Desktops Vulnerabilities | 25/01/07 |
| Secunia | Random PHP Quote pwd.txt Password Disclosure | 25/01/07 |
| Audio | Edit Magic NCTAudioFile2 ActiveX Control Buffer Overflow | 25/01/07 |
| Code-it | Software Products NCTAudioFile2 ActiveX Control Buffer Overflow | 25/01/07 |
| Magic | Video Products NCTAudioFile2 ActiveX Control Buffer Overflow | 25/01/07 |
| Movavi | Products NCTAudioFile2 ActiveX Control Buffer Overflow | 25/01/07 |
| DB | Audio Mixer And Editor NCTAudioFile2 ActiveX Control Buffer Overflow | 25/01/07 |
| Gentoo | Update for xine-ui | 25/01/07 |
| EXPStudio | Audio Editor NCTAudioFile2 ActiveX Control Buffer Overflow | 25/01/07 |
| SoftDiv | Software Products NCTAudioFile2 ActiveX Control Buffer Overflow | 25/01/07 |
| Xrlly | Software NCTAudioFile2 ActiveX Control Buffer Overflow | 25/01/07 |
| Altdo | Software Products NCTAudioFile2 ActiveX Control Buffer Overflow | 25/01/07 |
| Secunia | Smart PHP Subscriber pwd.txt Password Disclosure | 25/01/07 |
| Secunia | Website Baker "REMEMBER_KEY" Cookie SQL Injection | 25/01/07 |
| Secunia | Vote! Pro PHP "eval()" Injection Vulnerability | 24/01/07 |
| SUSE | Update for xine | 24/01/07 |
| Secunia | Enthusiast Cross-Site Scripting and SQL Injection | 24/01/07 |
| VisoHotlink | "mosConfig_absolute_path" File Inclusion Vulnerability | 24/01/07 |
| SUSE | Update for acroread | 24/01/07 |
| Gentoo | Update for sun-jdk and sun-jre-bin | 24/01/07 |
| Gentoo | Update for acroread | 24/01/07 |
| Gentoo | Update for mod-auth-kerb | 24/01/07 |
| Red Hat | Update for acroread | 24/01/07 |
| Rumpus | Multiple Vulnerabilities | 23/01/07 |
| Transmit | "sftp://" URI Handler Buffer Overflow | 23/01/07 |
| Microsoft | Help Workshop Two Buffer Overflow Vulnerabilities | 23/01/07 |
| Fritz!Box | UDP Packet SIP Denial of Service | 23/01/07 |
| SUSE | Update for Multiple Packages | 23/01/07 |
| Debian | Update for netrik | 23/01/07 |
| OpenBSD | ICMP6 Denial of Service Vulnerability | 23/01/07 |
| Django | Two Vulnerabilities | 23/01/07 |
| MGB | "id" SQL Injection Vulnerability | 19/01/07 |
| SUSE | Update for IBMJava2 | 19/01/07 |
| WebGUI | User Name Script Insertion Vulnerability | 19/01/07 |
| uniForum | "wbsearch.aspx" SQL Injection Vulnerability | 19/01/07 |
| SISCO | OSI Stack Denial of Service Vulnerability | 19/01/07 |
| HP-UX | IPFilter Unspecified Denial of Service Vulnerability | 19/01/07 |
| Fedora | Update for squirrelmail | 19/01/07 |
| PentaZip | Archive Handling Vulnerabilities | 19/01/07 |
| Microsoft | Revised Security Bulletin MS07-002: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198) | 19/01/07 |
| Oracle | Products Multiple Vulnerabilities | 18/01/07 |
| Ezboxx | Portal Multiple Vulnerabilities | 17/01/07 |
| Secunia | FdWeB Espace Membre "path" File Inclusion Vulnerability | 17/01/07 |
| Gentoo | Update for wordpress | 17/01/07 |
| Gentoo | Update for oftpd | 17/01/07 |
| oftpd | LPSV and LPRT Denial of Service Vulnerability | 17/01/07 |
| GOsa | Unspecified Manipulation of Data | 17/01/07 |
| Secunia | MiNT Haber Sistemi "id" SQL Injection Vulnerability | 17/01/07 |
| IPCop | Update for various packages | 17/01/07 |
| Secunia | Okul Web Otomasyon Sistemi "id" SQL Injection Vulnerability | 17/01/07 |
| Ubuntu | Update for krb5 | 17/01/07 |
| rPath | Update for gd | 17/01/07 |
| Fedora | Update for w3m | 17/01/07 |
| SUSE | Update for opera | 16/01/07 |
| Gentoo | Update for w3m | 16/01/07 |
| Gentoo | Update for openoffice | 16/01/07 |
| Poplar | Gedcom Viewer "env[rootPath]" File Inclusion Vulnerability | 16/01/07 |
| Gentoo | Update for opera | 16/01/07 |
| SUSE | Update for cacti | 15/01/07 |
| SUSE | Update for mozilla | 15/01/07 |
| Ubuntu | Update for openoffice.org | 15/01/07 |
| Mandriva | Update for mozilla-firefox | 15/01/07 |
| Mandriva | Update for mozilla-thunderbird | 15/01/07 |
| Mandriva | Update for OpenOffice.org | 12/01/07 |
| Mandriva | Update for nvidia | 12/01/07 |
| Red Hat | Update for acroread | 12/01/07 |
| Mandriva | Update for krb5 | 12/01/07 |
| Astaro | Update for ClamAV | 12/01/07 |
| Axiom | Photo/News Gallery "baseAxiomPath" File Inclusion Vulnerability | 12/01/07 |
| Apple | Mac OS X UFS ffs_mountfs() Integer Overflow | 12/01/07 |
| SUSE | Update for w3m | 12/01/07 |
| Gentoo | Update for seamonkey | 12/01/07 |
| Kerberos | Kadmind "mechglue" Code Execution Vulnerability | 11/01/07 |
| Adobe | Reader Unspecified Heap Corruption Vulnerability | 11/01/07 |
| Magic Photo | Storage "_config[site_path]" File Inclusion Vulnerability | 11/01/07 |
| SUSE | Update for Kerberos | 11/01/07 |
| Fedora Core 5 | Update for krb5 | 11/01/07 |
| Kerberos | Kadmind xprt->xp_auth Code Execution Vulnerability | 11/01/07 |
| Fedora | Update for krb5 | 11/01/07 |
| Adobe | ColdFusion MX File Content Disclosure Vulnerability | 11/01/07 |
| Microsoft | Excel Unspecified Code Execution Vulnerability | 10/01/07 |
| Microsoft | Windows Vector Markup Language Buffer Overflow | 10/01/07 |
| Microsoft | Outlook Multiple Vulnerabilities | 10/01/07 |
| Microsoft | Office Brazilian Portuguese Grammar Checker Vulnerability | 10/01/07 |
| SUSE | Update for Sun Java | 10/01/07 |
| Direct | Web Rendering Security Bypass and Denial of Service | 10/01/07 |
| VMware | ESX Server Multiple Vulnerabilities | 10/01/07 |
| Debian | Update for openoffice.org | 10/01/07 |
| Debian | Update for libapache-mod-auth-kerb | 10/01/07 |
| Sun | Solaris update for gzip | 10/01/07 |
| Microsoft | Excel Unspecified Code Execution Vulnerability | 10/01/07 |
| IBM | AIX ftpd Two Vulnerabilities | 10/01/07 |
| rPath | Update for openoffice.org | 10/01/07 |
| Sun | Java System Content Delivery Server Content Details Disclosure | 10/01/07 |
| phpMyFAQ | SQL Injection and File Upload Vulnerability | 10/01/07 |
| Cisco | Secure ACS Multiple Vulnerabilities | 09/01/07 |
| Secunia | Opera Browser Two Vulnerabilities | 08/01/07 |
| Wordpress | Unspecified Vulnerability | 08/01/07 |
| Apple | iLife iPhoto Photocast XML "title" Format String Vulnerability | 08/01/07 |
| Ubuntu | Update for mozilla-thunderbird | 08/01/07 |
| Gentoo | Update for mozilla-thunderbird | 08/01/07 |
| Secunia | Fedora update for openoffice.org | 08/01/07 |
| SUSE | Update for OpenOffice_org | 08/01/07 |
| Secunia | Simple Web Content Management System "id" SQL Injection | 08/01/07 |
| Secunia | PowerArchiver PAISO.DLL ISO File Handling Buffer Overflow | 08/01/07 |
| Secunia | E-SMART CART "product_id" SQL Injection Vulnerability | 08/01/07 |
| Secunia | WineGlass Database Disclosure Security Issue | 08/01/07 |
| CMS | Simple Web Content Management System "id" SQL Injection | 05/01/07 |
| PowerArchiver | PowerArchiver PAISO.DLL ISO File Handling Buffer Overflow | 05/01/07 |
| OpenOffice | OpenOffice WMF/EMF Integer Overflow Vulnerability | 05/01/07 |
| Red Hat | Red Hat update for openoffice.org | 05/01/07 |
| Gentoo | Gentoo update for denyhosts | 05/01/07 |
| VLC Media Player | VLC Media Player "udp://" URI Handling Format String Vulnerability | 04/01/07 |
| rPath | rPath update for thunderbird | 04/01/07 |
| Ubuntu | Ubuntu update for w3m | 04/01/07 |
| Ubuntu | Ubuntu update for firefox | 04/01/07 |
| Apple | Apple Quicktime RTSP URL Handling Buffer Overflow Vulnerability | 03/01/07 |
| Novell | Novell NetMail NMAP/IMAP Multiple Vulnerabilities | 03/01/07 |