April 2007

The following table includes the Vulnerability Alerts for the month.
Note: These links reference external sites. CCIP cannot accept responsibility for outdated links or for the contents of linked sites.
| Reference | Description | Date |
|---|---|---|
| MyDNS | DNS Update Denial of Service | 30/04/07 |
| Ubuntu | Update for php | 30/04/07 |
| Gimp | SUNRAS Plugin "set_color_table()" Buffer Overflow | 30/04/07 |
| IBM | WebSphere Application Server Unspecified Vulnerability | 30/04/07 |
| IncrediMail | IMMenuShellExt ActiveX Control Buffer Overflow | 30/04/07 |
| Red Hat | update for java-1.4.2-ibm | 30/04/07 |
| Secunia | AccuSoft ImageGear igcore15d.dll Buffer Overflow Vulnerability | 27/04/07 |
| Secunia | NaviCOPA GET Request Denial of Service Vulnerability | 27/04/07 |
| Ripe | Website Manager SQL Injection and Cross-Site Scripting | 26/04/07 |
| Secunia | Adobe Photoshop Bitmap File Handling Buffer Overflow Vulnerability | 26/04/07 |
| Avaya | Products Wireshark Multiple Denial of Service Vulnerabilities | 26/04/07 |
| Secunia | InterVideo HomeTheater WinDVDX ActiveX Control Buffer Overflow | 26/04/07 |
| Asterisk | T.38 SDP Buffer Overflows and Management Interface Denial of Service | 26/04/07 |
| CA | BrightStor ARCserve Backup Media Server Multiple Buffer Overflows | 26/04/07 |
| SilverStripe | "search" Unspecified Vulnerability | 26/04/07 |
| Gentoo | Update for clamav | 26/04/07 |
| SUSE | Update for opera | 26/04/07 |
| Debian | Update for aircrack-ng | 26/04/07 |
| Secunia | Post Revolution "dir" File Inclusion Vulnerabilities | 26/04/07 |
| Secunia | Big Blue Guestbook "comments" Script Insertion | 26/04/07 |
| Secunia | EsForum "idsalon" SQL Injection Vulnerability | 26/04/07 |
| Microgaming | Download Helper ActiveX Control Buffer Overflow Vulnerability | 26/04/07 |
| OpenBSD | IPv6 Type 0 Route Headers Denial of Service | 26/04/07 |
| Secunia | ACVSWS "CheminInclude" File Inclusion Vulnerability | 26/04/07 |
| HP-UX | Sendmail Unspecified Denial of Service | 26/04/07 |
| Gentoo | Update for blender | 26/04/07 |
| Apple | QuickTime Java Handling Unspecified Code Execution | 26/04/07 |
| SUSE | Update for Multiple Packages | 24/04/07 |
| 3proxy | Transparent Request Handling Buffer Overflow | 24/04/07 |
| Secunia | ACDSee Products "ID_X.apl" XPM File Handling Buffer Overflow | 24/04/07 |
| Secunia | XnView XPM File Handling Buffer Overflow | 24/04/07 |
| Gentoo | Update for aircrack-ng | 24/04/07 |
| Gentoo | Update for 3proxy | 24/04/07 |
| Trustix | Update for freetype and clamav | 24/04/07 |
| Nortel | VPN Router Security | 23/04/07 |
| SUSE | Update for clamav | 23/04/07 |
| Slackware | Update for freetype | 23/04/07 |
| Nortel | VPN Router Default User Accounts and Missing Authentication Checks | 23/04/07 |
| Red Hat | Stronghold update for php | 23/04/07 |
| Slackware | Update for xine-lib | 23/04/07 |
| HP | Oracle for OpenView Multiple Vulnerabilities | 23/04/07 |
| Secunia | PHP-Nuke SQL Filter Bypass and SQL Injection Vulnerabilities | 23/04/07 |
| Apple | Updates for Multiple Vulnerabilities | 20/04/07 |
| SUSE | Update for clamav | 20/04/07 |
| Sun | Solaris Mozilla 1.7 Vulnerabilities | 20/04/07 |
| Second | Sight ActiveMod ActiveX Control Buffer Overflow Vulnerability | 20/04/07 |
| IBM | Tivoli Monitoring Various Services Buffer Overflow Vulnerabilities | 20/04/07 |
| Novell | GroupWise WebAccess Base64 Decoding Buffer Overflow | 20/04/07 |
| rPath | Update for lighttpd | 20/04/07 |
| BMC | PATROL "bgs_sdservice.exe" Memory Corruption | 20/04/07 |
| rPath | Update for php, php-mysql, and php-pgsql | 20/04/07 |
| Oracle | Products Multiple Vulnerabilities | 19/04/07 |
| Secunia | HP UX Tru64 Multiple SSL and BIND Vulnerabilities | 19/04/07 |
| Secunia | HP Insight Management Agents SSL Vulnerabilities | 19/04/07 |
| Secunia | ShoutPro "shout" PHP Code Injection Vulnerability | 19/04/07 |
| McAfee | VirusScan Enterprise On-Access Scanner Unicode Filename Buffer Overflow | 19/04/07 |
| Sun | Solaris and Java Web Console Format String Vulnerability | 19/04/07 |
| Gentoo | Update for madwifi-ng | 19/04/07 |
| webMethods | Glue "resource" Directory Traversal Vulnerability | 19/04/07 |
| PHP-Nuke | VWar Module SQL Injection and Cross-Site Scripting | 19/04/07 |
| US-CERT | New Rinbot Variant Attempting to Exploit Microsoft Windows DNS RPC Vulnerability | 18/04/07 |
| Secunia | Simple PHP Scripts Gallery "gallery" File Inclusion | 18/04/07 |
| Mozilla | Firefox Wizz RSS News Reader Extension Cross-Context Scripting | 18/04/07 |
| Red Hat | Update for php | 18/04/07 |
| Mandriva | Update for ipsec-tools | 18/04/07 |
| Secunia | StoreFront For Gallery "GALLERY_BASEDIR" File Inclusion Vulnerabilities | 18/04/07 |
| Red Hat | Update for php | 18/04/07 |
| Akamai | Download Manager ActiveX Control Buffer Overflow Vulnerabilities | 18/04/07 |
| Gentoo | Update for inkscape | 18/04/07 |
| Gentoo | Update for openoffice and openoffice-bin | 18/04/07 |
| Secunia | LS Simple guestbook "message" PHP Code Execution | 17/04/07 |
| FileZilla | Unspecified Format String Vulnerabilities | 17/04/07 |
| Red Hat | Update for freetype | 17/04/07 |
| Red Hat | Update for squid | 17/04/07 |
| SUSE | Update for Multiple Packages | 17/04/07 |
| Gentoo | Update for xine-lib | 17/04/07 |
| LANDesk | Management Suite Alert Service Buffer Overflow | 17/04/07 |
| lighttpd | "mtime" and "\r\n\r\n\" Denial of Service Vulnerabilities | 17/04/07 |
| Clam AntiVirus | Two Vulnerabilities | 16/04/07 |
| PhpWiki | "UpLoad" PHP Script Upload Vulnerability | 16/04/07 |
| Open Business Management | Authentication Bypass | 16/04/07 |
| Cisco | Wireless Control System Vulnerability and Security Issues | 16/04/07 |
| Avaya | Products Incorrect GnuPG Usage | 16/04/07 |
| Microsoft | Windows DNS Service Buffer Overflow Vulnerability | 16/04/07 |
| IBM | WebSphere Application Server Unspecified Vulnerabilities | 13/04/07 |
| CoSign | POST Request Carriage Return Insertion Vulnerabilities | 13/04/07 |
| Opera | Unspecified Flash Player Plug-In Vulnerability | 13/04/07 |
| Mandriva | Update for madwifi-source | 13/04/07 |
| Mandriva | Update for apache-mod_perl | 13/04/07 |
| Sun | StarOffice and StarSuite 8 WordPerfect Vulnerability | 12/04/07 |
| Microsoft | MS07-018: Content Management Server Two Vulnerabilities | 11/04/07 |
| Microsoft | MS07-020: Agent URL Parsing Memory Corruption Vulnerability | 11/04/07 |
| Microsoft | MS07-019: Windows XP UPnP Memory Corruption Vulnerability | 11/04/07 |
| IPsec | Tools "isakmp_inf.c" Denial of Service | 11/04/07 |
| Ubuntu | Update for ipsec-tools | 11/04/07 |
| rPath | Update for openoffice.org | 11/04/07 |
| Winamp | .MAT File Handling NULL Byte Overwrite | 10/04/07 |
| SGI | Update for krb5 | 10/04/07 |
| Gentoo | Update for libwpd | 10/04/07 |
| Debian | Update for xmms | 10/04/07 |
| Gentoo | Update for evince | 10/04/07 |
| Trustix | Updates for Multiple Packages | 10/04/07 |
| FastStone | Image Viewer BMP Image Handling Memory Corruption | 10/04/07 |
| ACDSee | Products BMP Image Handling Memory Corruption | 10/04/07 |
| Symantec | Enterprise Security Manager Remote Upgrade Missing Authentication | 10/04/07 |
| Secunia | IBM OpenSSH for AIX Two Vulnerabilities | 10/04/07 |
| SUSE | Update for krb5 | 10/04/07 |
| HP-UX | Update for CIFS Server | 10/04/07 |
| Mozilla | Firefox Firebug Extension "console.log()" Cross-Context Scripting | 10/04/07 |
| Novell | Kerberos KDC "krb5_klog_syslog()" Buffer Overflow | 10/04/07 |
| SAP | RFC Library Multiple Vulnerabilities | 10/04/07 |
| Enterasys | Networks NetSight Products TFTPD/BOOTPD Vulnerabilities | 10/04/07 |
| VMware | ESX Server Multiple Vulnerabilities | 10/04/07 |
| Kaspersky | Products Multiple Vulnerabilities | 10/04/07 |
| FreeType | BDF Font Integer Overflow Vulnerability | 10/04/07 |
| Mandriva | Update for freetype2 | 10/04/07 |
| rPath | Update for ImageMagick | 10/04/07 |
| Mandriva | Update for krb5 | 10/04/07 |
| Slackware | Update for ktorrent | 10/04/07 |
| Gentoo | Update for openpbs | 10/04/07 |
| MyBB | "Client-IP" SQL Injection and Code Execution | 10/04/07 |
| Sun | SEAM Kerberized telnetd Daemon Arbitrary User Login | 10/04/07 |
| Ubuntu | Update for krb5 | 10/04/07 |
| PHP-Nuke | Addressbook Module "module_name" Local File Inclusion | 10/04/07 |
| SUSE | Update for Multiple Packages | 10/04/07 |
| MadWifi | Denial of Service and Information Disclosure Vulnerabilities | 10/04/07 |
| Gentoo | Update for asterisk | 10/04/07 |
| HP | OpenView Network Node Manager Unspecified Unauthorized Access | 10/04/07 |
| ImageMagick | DCM and XWD Buffer Overflows | 10/04/07 |
| IBM | Tivoli Provisioning Manager for OS Deployment "multipart/form-data" Handling Multiple Vulnerabilities | 10/04/07 |
| Winmail | Server "sid" Directory Traversal Vulnerability | 10/04/07 |
| Netscape | Multiple Vulnerabilities | 05/04/07 |
| Yahoo! | Messenger AudioConf ActiveX Control Buffer Overflow | 05/04/07 |
| Kerberos | Multiple Vulnerabilities | 05/04/07 |
| rPath | Updates for krb5 | 05/04/07 |
| SolidWorks | Sldimdownload ActiveX Control "Run()" Insecure Method | 05/04/07 |
| Gentoo | Update for mit-krb5 | 05/04/07 |
| Red Hat | update for krb5 | 05/04/07 |
| Debian | Update for krb5 | 05/04/07 |
| Microsoft | MS07-017 - Vulnerability in GDI Could Allow Remote Code Execution (925902) | 04/04/07 |
| SUSE | Update for gpg | 03/04/07 |
| SUSE | Update for gpg | 03/04/07 |
| HP | Mercury Quality Center Unspecified ActiveX Control Vulnerability | 03/04/07 |
| Sun | Solaris Mozilla 1.7 Vulnerability | 03/04/07 |
| Gentoo | Update for squid | 03/04/07 |
| Secunia | Advanced Login "root" File Inclusion Vulnerability | 02/04/07 |
| CA BrightStor | ARCserve Backup MEDIASVR.EXE RPC Request Code Execution | 02/04/07 |
| Sun | Solaris and Java Enterprise System Network Security Services Vulnerabilities | 02/04/07 |
| Secunia | VMware ESX Server Multiple Security Updates | 02/04/07 |
| Secunia | Linksys Products Information Disclosure Security Issue | 02/04/07 |
| Gentoo | Update for ekiga | 02/04/07 |
| Mandriva | Update for openoffice.org | 02/04/07 |
| Microsoft | Windows Animated Cursor Handling Vulnerability | 02/04/07 |