March 2007

The following table includes the Vulnerability Alerts for the month.
Note: These links reference external sites. CCIP cannot accept responsibility for outdated links or for the content of such links.
Reference | Description | Date
mod_perl | "path_info" Denial of Service Vulnerability | 30/03/07
Corel | WordPerfect Document Processing Buffer Overflow | 30/03/07
Joomla | Component D4J eZine "article" SQL Injection Vulnerability | 30/03/07
Cisco | Unified CallManager and Presence Server ICMP Echo and IPSec Denial of Service | 30/03/07
rPath | Update for inkscape | 30/03/07
Ubuntu | Update for xmms | 29/03/07
NaviCOPA | GET cgi-bin/cgi Request Buffer Overflow Vulnerability | 29/03/07
IBM | Lotus Domino Cross-Site Scripting and Buffer Overflow Vulnerabilities | 29/03/07
Ubuntu | Update for openoffice.org | 29/03/07
Mandriva | Update for evolution | 29/03/07
Web | Content System "path[JavascriptEdit]" File Inclusion | 29/03/07
Slackware | Update for libwpd | 28/03/07
Gentoo | Mgv Buffer Overflow Vulnerability | 28/03/07
Avaya | Products php Multiple Vulnerabilities | 28/03/07
Ubuntu | Update for evolution | 28/03/07
StarOffice | Two Vulnerabilities | 28/03/07
Ubuntu | Update for squid | 28/03/07
WinDVD | IASystemInfo.dll ActiveX Control Buffer Overflow | 27/03/07
dproxy | UDP Packet Buffer Overflow Vulnerability | 27/03/07
SGI | Advanced Linux Environment Multiple Updates | 27/03/07
Mercur | Messaging IMAP SUBSCRIBE Command Buffer Overflow | 27/03/07
Sun | Java System Directory Server "ns-slapd" Denial of Service | 27/03/07
Secunia | PHPX Multiple SQL Injection and Cross-Site Scripting | 26/03/07
LAN | Management System Multiple File Inclusion | 26/03/07
Mandriva | Update for inkscape | 26/03/07
Mandriva | Update for squid | 26/03/07
Inkscape | Format String Vulnerabilities | 23/03/07
Red Hat | update for openoffice.org | 23/03/07
Ubuntu | Update for inkscape | 23/03/07
Secunia | Active Link Engine "catid" SQL Injection Vulnerability | 23/03/07
Secunia | Active Photo Gallery "catid" SQL Injection Vulnerability | 23/03/07
Secunia | W-Agora Multiple Vulnerabilities | 22/03/07
OpenOffice.org | Multiple Vulnerabilities | 22/03/07
SUSE | Update for openoffice_org and libwpd | 22/03/07
Grandstream | BudgeTone 200 SIP Messages "WWW-Authenticate" Denial of Service | 22/03/07
Squid | TRACE Request Denial of Service Vulnerability | 22/03/07
XMMS | Integer Overflow and Underflow Vulnerabilities | 22/03/07
Asterisk | SIP INVITE Denial of Service Vulnerability | 22/03/07
Web | Wiz Forums "formatSQLInput()" SQL Injection | 22/03/07
Debian | Update for openoffice.org | 22/03/07
Evolution | Shared Memo Categories Format String Vulnerability | 22/03/07
Gentoo | Update for nss | 22/03/07
CinePlayer | IASystemInfo.dll ActiveX Control Buffer Overflow | 22/03/07
InterActual | Player IASystemInfo.dll ActiveX Control Buffer Overflow | 22/03/07
Gentoo | Update for php | 22/03/07
Secunia | Particle Blogger "postid" SQL Injection Vulnerability | 21/03/07
SUSE | Update for Mozilla Thunderbird and seamonkey | 21/03/07
Secunia | Cisco IP Phone 7940/7960 SIP INVITE Denial of Service Vulnerability | 21/03/07
Ubuntu | Update for libwpd | 21/03/07
Secunia | NPDS "_FILES[DB][tmp_name]" SQL Injection Vulnerability | 21/03/07
Fedora | Update for libwpd | 21/03/07
Gentoo | Update for mod_jk | 20/03/07
Gentoo | Update for ltsp | 20/03/07
Mandriva | Update for libwpd | 20/03/07
Mandriva | Update for openoffice.org | 20/03/07
Secunia | MPM Chat "logi" Local File Inclusion Vulnerability | 20/03/07
Secunia | Katalog Plyt Audio "kolumna" SQL Injection Vulnerability | 20/03/07
Debian | Update for libwpd | 20/03/07
Gentoo | Update for thunderbird | 20/03/07
Gentoo | Update for asterisk | 20/03/07
rPath | Update for gnupg | 20/03/07
rPath | Update for libwpd | 20/03/07
Gentoo | Update for ulogd | 20/03/07
Secunia | Absolute Image Gallery XE "categoryid" SQL Injection | 19/03/07
SUSE | Update for kernel | 19/03/07
Fujitsu | FENCE-Pro Self-Decoding File Information Disclosure | 19/03/07
Secunia | Creative Guestbook Authentication Bypass and Script Insertion | 19/03/07
Secunia | Web-app.org WebAPP Unspecified Security Bypass | 19/03/07
CA | BrightStor ARCserve Backup Vulnerabilities | 19/03/07
WebSphere | Application Server JSP Source Code Disclosure | 19/03/07
Sun | Java System Web Server Unspecified Information Disclosure | 19/03/07
Debian | Update for webcalendar | 19/03/07
Gentoo | Net-misc/ssh Vulnerability | 16/03/07
Sun | Solaris Adobe Acrobat Multiple Vulnerabilities | 16/03/07
Trend | Micro Products UPX Processing Denial of Service | 16/03/07
SUSE | Update for php4 and php5 | 16/03/07
Red Hat | update for wireshark | 16/03/07
Linux | Kernel NULL Pointer Dereferences and Security Bypass | 15/03/07
Mac | OS X Security Update Fixes Multiple Vulnerabilities | 15/03/07
Secunia | War FTP Daemon Unspecified Buffer Overflow Vulnerability | 15/03/07
Adobe | JRun IIS 6 Connector Denial of Service | 15/03/07
MySQL | Commander "home" File Inclusion Vulnerability | 15/03/07
Debian | Update for gnupg | 15/03/07
McAfee | EPolicy Orchestrator / ProtectionPilot ActiveX Control Buffer Overflows | 15/03/07
Gentoo | Update for amarok | 15/03/07
Mandriva | Update for mplayer | 14/03/07
Mandriva | Update for xine-lib | 14/03/07
Secunia | Xine-lib Two Buffer Overflow Vulnerabilities | 14/03/07
HP-UX | Update for JRE / JDK | 14/03/07
Ubuntu | Update for xine-lib | 14/03/07
Ubuntu | Update for ktorrent | 14/03/07
MPlayer | Two Buffer Overflow Vulnerabilities | 14/03/07
Fedora | Update for gnupg | 14/03/07
OpenBSD | Unspecified ICMP6 Packet "mbuf" Vulnerability | 13/03/07
Debian | Update for mozilla | 13/03/07
Gentoo | Update for seamonkey | 13/03/07
Secunia | PHP-Nuke "lang" Local File Inclusion Vulnerability | 13/03/07
KTorrent | Two Vulnerabilities | 13/03/07
Secunia | D-Link TFTP Server Data Handling Memory Corruption | 13/03/07
WORK | System e-commerce "g_include" File Inclusion Vulnerability | 13/03/07
Trustix | Update for php4 | 12/03/07
Magic | CMS "file" File Inclusion Vulnerability | 12/03/07
Mandriva | Update for gnupg and gpgme | 12/03/07
Debian | Update for php4 | 09/03/07
Slackware | Update for imagemagick | 09/03/07
Slackware | Update for mozilla-firefox | 09/03/07
Slackware | Update for seamonkey | 09/03/07
Slackware | Update for mozilla-thunderbird | 09/03/07
Novell | Netmail WebAdmin Long Username Buffer Overflow | 09/03/07
Ubuntu | Update for gnupg | 09/03/07
Slackware | Update for gnupg | 09/03/07
Ubuntu | Update for thunderbird | 08/03/07
Mandriva | Update for thunderbird | 08/03/07
Avaya | Products PHP Multiple Vulnerabilities | 08/03/07
SUSE | Update for Mozilla Firefox and seamonkey | 08/03/07
SILC | Server Invalid hmac/cipher Denial of Service | 08/03/07
Asterisk | Unspecified SIP Packet Handling Denial of Service | 08/03/07
Mercury | Mail Transport System IMAP Data Handling Buffer Overflow | 08/03/07
HP-UX | Update for GZIP | 08/03/07
Conquest | "metaGetServerList()" and "processPacket()" Vulnerabilities | 08/03/07
Ipswitch | IMail Server/Collaboration Suite Multiple Buffer Overflows | 08/03/07
Debian | Update for clamav | 08/03/07
Mani Stats Reader | "ipath" File Inclusion Vulnerability | 07/03/07
Secunia | HyperBook Guestbook "data/gbconfiguration.dat" Information Disclosure | 07/03/07
Red Hat | Update for gnupg | 07/03/07
Enigmail | "--status-fd" Incorrect GnuPG Usage | 07/03/07
WebCalendar | "noSet" Variable Overwrite Vulnerability | 07/03/07
Sava's | GuestBook Script Insertion and SQL Injection | 07/03/07
Links | Management Application "lcnt" SQL Injection | 07/03/07
GNUMail | "--status-fd" Incorrect GnuPG Usage | 07/03/07
Evolution | "--status-fd" Incorrect GnuPG Usage | 07/03/07
KMail | "--status-fd" Incorrect GnuPG Usage | 07/03/07
Mutt | "--status-fd" Incorrect GnuPG Usage | 07/03/07
Sylpheed | "--status-fd" Incorrect GnuPG Usage | 07/03/07
Apple | QuickTime Multiple Vulnerabilities | 07/03/07
Fedora | Update for thunderbird | 07/03/07
Simple Invoices | PDF Print Preview Security Bypass | 06/03/07
Secunia | MailEnable IMAP Service "APPEND" Buffer Overflow | 06/03/07
WordPress | Command Execution and PHP "eval()" Injection | 06/03/07
Apache | Tomcat JK Web Server Connector Long URL Buffer Overflow | 06/03/07
Lenovo | Intel PRO/1000 LAN Adapter Software Unspecified Vulnerability | 06/03/07
EMC | NetWorker Management Console Weak Authentication | 06/03/07
Kaspersky | Anti-Virus Engine UPX Processing Denial of Service | 06/03/07
Red Hat | Update for thunderbird | 06/03/07
Gentoo | Update for mozilla-firefox and mozilla-firefox-bin | 06/03/07
ANGEL | Learning Management Suite "id" SQL Injection | 06/03/07
Gentoo | Update for emul-linux-x86-qtlibs | 06/03/07
Secunia | ISPUtil "activesessions.ini" Information Disclosure | 06/03/07
Gentoo | Multiple Vulnerabilities in mozilla and mozilla-bin | 06/03/07
Novell | Access Manager SSLVPN Server "policy.txt" Security Bypass | 05/03/07
Gentoo | Update for spamassassin | 05/03/07
Gentoo | Update for clamav | 05/03/07
Symantec | Mail Security for SMTP Unspecified Message Handling Vulnerability | 05/03/07
Gentoo | Update for snort | 05/03/07
Secunia | Blender KML/KMZ Import Command Injection Vulnerability | 02/03/07
Mandriva | Update for firefox | 02/03/07
Ubuntu | Update for firefox | 02/03/07
Gentoo | Update for mplayer | 02/03/07
Citrix | Presentation Server Client Unspecified Code Execution | 02/03/07
Cisco | NAM SNMP Spoofing Vulnerability | 02/03/07
Secunia | XM Easy Personal FTP Server Format String Vulnerability | 02/03/07
MPlayer | RTSP Stream Buffer Overflow Vulnerability | 02/03/07
Secunia | FCRing "s_fuss" File Inclusion Vulnerability | 02/03/07
SGI | Update for seamonkey | 02/03/07
Secunia | SQLiteManager "SQLiteManager_currentTheme" Directory Traversal | 01/03/07
Fedora | Update for firefox | 01/03/07
rPath | Update for php, php-mysql, and php-pgsql | 01/03/07
Secunia | SHOUTcast Logfile Script Insertion Vulnerability | 01/03/07
Gentoo | Update for chmlib | 01/03/07