May 2007

The following table includes the Vulnerability Alerts for the month.
Note: These links reference external sites. CCIP cannot accept responsibility for outdated links or the contents of such links.
Reference Description Date
LEADTOOLS
LEAD Raster ISIS Object ActiveX Control Buffer Overflow
30/05/07
Avira
Antivir Multiple File Processing Vulnerabilities
30/05/07
Ingate
Firewall and SIParator Multiple Vulnerabilities
30/05/07
Geeklog
CAPTCHA Plugin "_CONF[path]" File Inclusion
30/05/07
Sun
Java System Web Proxy Server SOCKS Module Buffer Overflows
29/05/07
SUSE
Update for Multiple Packages
29/05/07
Gentoo
Blackdown-jdk and blackdown-jre Vulnerabilities
29/05/07
Gentoo
Update for php
29/05/07
LEADTOOLS
LEAD Raster OCR Document Object Library ActiveX Control Buffer Overflow
29/05/07
Ademco
ATNBaseLoader100 Module ActiveX Control Buffer Overflows
29/05/07
Ubuntu
Update for pulseaudio
29/05/07
gCards
"newsid" SQL Injection Vulnerability
29/05/07
My
Little Forum "id" SQL Injection Vulnerability
29/05/07
Secunia
WabCMS "/db/wabcmsn.mdb" Database Disclosure Security Issue
29/05/07
Secunia
CpCommerce "name" Script Insertion Vulnerability
29/05/07
Secunia
Techno Dreams Web Directory "Database.mdb" Database Disclosure
29/05/07
Secunia
Rm-forum "rmforum.mdb" Database Disclosure Security Issue
29/05/07
Fundanemt
"spellcheck.php" Shell Command Injection Vulnerability
29/05/07
Debian
Update for gforge-plugin-scmcvs
28/05/07
Ubuntu
Update for kernel
28/05/07
SGI
Advanced Linux Environment Multiple Updates
28/05/07
GForge
Cvsweb.php Shell Command Injection Vulnerability
28/05/07
Nortel
Meridian CS 1000 Unspecified Denial of Service Vulnerability
28/05/07
Trustix
Updates for Multiple Packages
28/05/07
cpCommerce
"id_category" SQL Injection
28/05/07
Apple
Mac OS X Security Update for Multiple Vulnerabilities
28/05/07
LEADTOOLS
LEAD Raster Dialog File_D Object ActiveX Control Memory Corruption
28/05/07
avast!
CAB File Processing Buffer Overflow Vulnerability
25/05/07
LEADTOOLS
LEAD Raster Dialog File Object ActiveX Control Memory Corruption
25/05/07
2z Project
"rating" SQL Injection
25/05/07
UltraISO
CUE File Parsing Buffer Overflow Vulnerability
25/05/07
WebGUI
"dataform.pm" Security Bypass
25/05/07
rPath
Update for freetype
25/05/07
Secunia
Sky Software Shell MegaPack ActiveX ShComboBox ActiveX Control Buffer Overflow
25/05/07
Cisco
IOS SSL Messages Denial of Service Vulnerabilities
25/05/07
Mandriva
Update for gimp
25/05/07
Ubuntu
Update for php
25/05/07
Cisco
Products Crypto Library Denial of Service
25/05/07
Ubuntu
Update for vim
25/05/07
eScan
Products Agent Service Command Decryption Buffer Overflow
25/05/07
NOD32
Antivirus Two Buffer Overflow Vulnerabilities
25/05/07
HP-UX
Update for Kerberos
25/05/07
AlstraSoft
Live Support managesettings.php Information Disclosure
25/05/07
MadWifi
Multiple Denial of Service Vulnerabilities
25/05/07
SUSE
Update for php
25/05/07
Secunia
Sky Software Shell MegaPack ActiveX ShComboBox ActiveX Control Buffer Overflow
24/05/07
Cisco
IOS SSL Messages Denial of Service Vulnerabilities
24/05/07
Mandriva
Update for gimp
24/05/07
Ubuntu
Update for php
24/05/07
Cisco
Products Crypto Library Denial of Service
24/05/07
Ubuntu
Update for vim
24/05/07
eScan
Products Agent Service Command Decryption Buffer Overflow
24/05/07
NOD32
Antivirus Two Buffer Overflow Vulnerabilities
24/05/07
HP-UX
Update for Kerberos
24/05/07
MadWifi
Multiple Denial of Service Vulnerabilities
24/05/07
SUSE
Update for php
24/05/07
ImagN'For Windows
IMW32040.OCX ActiveX Control Buffer Overflows
23/05/07
Group-Office
Message.php and messages.php E-Mail Security Bypass
23/05/07
KSignSWAT
AxKSignSWAT Module ActiveX Control Buffer Overflow
23/05/07
BlockHosts
"hosts.allow" Denial of Service
23/05/07
RSA
BSAFE Unspecified Denial of Service Vulnerability
23/05/07
HT Editor
Display Width Buffer Overflow Vulnerability
23/05/07
FreeType
TTF Font Parsing Vulnerability
23/05/07
MolyX
Board "lang" Local File Inclusion
23/05/07
LEADTOOLS
LEAD ISIS Control ActiveX Control Buffer Overflow
23/05/07
ol'bookmarks
Multiple Vulnerabilities
23/05/07
SUSE
Update for samba
23/05/07
ircd-ratbox
Unspecified Denial of Service Vulnerability
22/05/07
Eggdrop
Server Module Private Message Processing Buffer Overflow
22/05/07
Libstats
"rInfo[content]" File Inclusion Vulnerability
22/05/07
Debian
Update for php5
22/05/07
LEADTOOLS
LEAD Thumbnail Browser Control ActiveX Control Buffer Overflow
22/05/07
LEADTOOLS
LEAD Raster Thumbnail Object Library ActiveX Control Buffer Overflow
22/05/07
Secunia
Vizayn Urun Tanitim Sitesi "id" SQL Injection
22/05/07
OPeNDAP
BES Software File Enumeration and Command Execution Vulnerabilities
22/05/07
Secunia
Gazi Download Portal "id" SQL Injection
22/05/07
Secunia
Opera Torrent File Handling Buffer Overflow Vulnerability
22/05/07
SunLight
CMS "root" File Inclusion Vulnerability
22/05/07
Red Hat
Update for gimp
22/05/07
WordPress
"admin-ajax.php" SQL Injection
22/05/07
Interchange
Unspecified HTTP POST Request Handling Denial Of Service
21/05/07
LEADTOOLS
JPEG2000 LTJ2K14.OCX ActiveX Control Buffer Overflow
21/05/07
Globus Toolkit
Nexus Unspecified Denial of Service Vulnerability
21/05/07
Magic
ISO Maker CUE File Parsing Memory Corruption Vulnerability
21/05/07
Gentoo
Update for PhpWiki
21/05/07
Red Hat
Update for ipsec-tools
21/05/07
WinImage
FAT Image Long Pathname Buffer Overflow Vulnerabilities
18/05/07
Norton
Personal Firewall ISAlertDataCOM ActiveX Control Buffer Overflow
18/05/07
Trustix
Updates for Multiple Packages
18/05/07
Red Hat
Update for kernel
18/05/07
Gentoo
Update for samba
18/05/07
Gentoo
Update for samba
18/05/07
PrecisionID
Linear Barcode ActiveX Control Buffer Overflow
18/05/07
SUSE
Updates for Multiple Packages
18/05/07
Sun
JDK ICC and BMP Parser Vulnerabilities
18/05/07
Symantec
Discovery XferWan.exe Packet Parsing Buffer Overflows
18/05/07
Centennial Discovery
XferWan.exe Packet Parsing Buffer Overflows
18/05/07
Little Cms
ICC Profile Parsing Buffer Overflow Vulnerability
18/05/07
Ubuntu
Update for samba
18/05/07
Debian
Update for samba
18/05/07
Geeklog
Media Gallery Module "_MG_CONF[path_html]" File Inclusion
16/05/07
BEA
JRockit Multiple Vulnerabilities
16/05/07
BEA
Products Multiple Vulnerabilities
16/05/07
rPath
Update for samba and samba-swat
16/05/07
Samba
Multiple Vulnerabilities
16/05/07
Slackware
Update for samba
16/05/07
Mandriva
Update for samba
16/05/07
Red Hat
Update for samba
16/05/07
IDAutomation
Linear Barcode ActiveX Control Buffer Overflow
15/05/07
Database Comparer
ActiveX Control Buffer Overflow Vulnerability
15/05/07
CommuniGate
Pro WebMail Script Insertion Vulnerability
15/05/07
Debian
Update for kernel
15/05/07
H-Sphere
SiteStudio "template" Information Disclosure
14/05/07
Apple
Darwin Streaming Server Buffer Overflow Vulnerabilities
14/05/07
Secunia
Original Photo Gallery "x[1]" File Inclusion Vulnerability
14/05/07
Secunia
Thyme "eid" SQL Injection Vulnerability
14/05/07
SGI
Advanced Linux Environment Multiple Updates
14/05/07
Gentoo
Update for imagemagick
14/05/07
Novell
NetMail NMDMC.EXE Buffer Overflow Vulnerability
14/05/07
CA
Buffer Overflow and Privilege Escalation Vulnerabilities
14/05/07
Mandriva
Update for php
14/05/07
SUSE
Update for kernel
11/05/07
Mandriva
Update for vim
11/05/07
SimpleNews
"news_id" SQL Injection Vulnerability
11/05/07
AForum
"CommonAbsDir" and "header" File Inclusion
11/05/07
Symantec
Products NAVOpts.dll ActiveX Control Security Bypass Vulnerability
11/05/07
Cisco
IOS FTP Server Multiple Vulnerabilities
11/05/07
IBM
WebSphere Application Server Java Message Service Unspecified Vulnerability
10/05/07
Red Hat
Red Hat update for vim
10/05/07
CGX
"pathCGX" File Inclusion Vulnerability
10/05/07
BearShare
NCTAudioFile2 ActiveX Control Buffer Overflow
10/05/07
Advanced
Guestbook Multiple Vulnerabilities
10/05/07
BarCodeWiz
Barcode ActiveX Control Buffer Overflow Vulnerability
10/05/07
Nokia
Intellisync Mobile Suite Multiple Vulnerabilities
10/05/07
Red Hat
Red Hat update for php
10/05/07
IBM
DB2 Universal Database Unspecified Code Execution Vulnerability
10/05/07
McAfee
SecurityCenter Subscription Manager ActiveX Control Buffer Overflow
10/05/07
RIM
TeamOn Import Object ActiveX Control Buffer Overflow Vulnerability
10/05/07
Mandriva
Update for clamav
10/05/07
Internet
Explorer Multiple Vulnerabilities
10/05/07
Microsoft
Exchange Multiple Vulnerabilities
10/05/07
Microsoft
Internet Explorer Multiple Vulnerabilities
09/05/07
Microsoft
Microsoft Exchange Multiple Vulnerabilities
09/05/07
Microsoft
Excel Three Code Execution Vulnerabilities
09/05/07
Microsoft
Office Drawing Object Code Execution Vulnerability
09/05/07
CAPICOM
CAPICOM.Certificates ActiveX Control Vulnerability
09/05/07
Slackware
Update for php
09/05/07
Gentoo
Update for ipsec-tools
09/05/07
Gentoo
Update for lighttpd
09/05/07
Secunia
TAL Bar Code ActiveX Control Buffer Overflow Vulnerability
09/05/07
Gentoo
Update for gimp
09/05/07
Trend Micro
ServerProtect Two Buffer Overflow Vulnerabilities
09/05/07
HTTP File Upload
ActiveX Control Buffer Overflow Vulnerability
08/05/07
SUSE
Update for Multiple Packages
08/05/07
Secunia
Nuked-Klan "X-Forwarded-For" SQL Injection Vulnerability
08/05/07
Office Viewer
ActiveX Control Buffer Overflow Vulnerabilities
08/05/07
AXIS
Camera Control "SaveBMP()" Method Buffer Overflow
07/05/07
PHP
Multiple Vulnerabilities
07/05/07
Secunia
Open Translation Engine "ote_home" File Inclusion
07/05/07
Secunia
PHP Coupon Script "bus" SQL Injection
07/05/07
rPath
Update for gimp
07/05/07
Red Hat
Red Hat update for evolution
04/05/07
HP
ProCurve 9300m Unspecified Denial of Service
04/05/07
Treble Designs
1024 CMS "item" Directory Traversal
04/05/07
Mambo
Unspecified Bypass Vulnerabilities
04/05/07
Cisco
PIX and ASA Denial of Service and Security Bypass
04/05/07
CMS
Made Simple "templateid" SQL Injection
03/05/07
Gentoo
Update for mod_perl
03/05/07
WordPress
WordTube Plugin "wpPATH" File Inclusion
03/05/07
Excel
Viewer OCX ActiveX Control Buffer Overflow Vulnerabilities
03/05/07
WordPress
Wp-Table Plugin "wpPATH" File Inclusion
03/05/07
Sun
Java System Directory Server Denial of Service
03/05/07
sendcard
Local File Inclusion and Cross-Site Scripting
03/05/07
Gentoo
Update for freetype
03/05/07
Gentoo
Update for ktorrent
03/05/07
rPath
Update for kernel
03/05/07
PowerPoint
Viewer OCX ActiveX Control Buffer Overflow
03/05/07
The Merchant
"show" File Inclusion Vulnerability
02/05/07
TCExam
PHP Code Execution and Cross-Site Scripting
02/05/07
psipuss
Multiple SQL Injection Vulnerabilities
02/05/07
Debian
Update for qemu
02/05/07
QEMU
Various Vulnerabilities
02/05/07
Progress
Information Disclosure and Data Manipulation
02/05/07
Vim
Modelines "feedkeys()" Shell Command Execution
02/05/07
VMware
Workstation Multiple Vulnerabilities
02/05/07
Winamp
MP4 File Handling Memory Corruption Vulnerability
02/05/07
Trillian
Information Leakage and Buffer Overflow Vulnerabilities
02/05/07
ISC
BIND "query_addsoa" Denial of Service
02/05/07
OPeNDAP
CGI Server Command Execution Vulnerability
02/05/07
Java 2
Privilege Escalation Vulnerability
02/05/07
WordPress
MyGallery Plugin "myPath" File Inclusion
01/05/07
Plesk
"locale_id" Directory Traversal Vulnerabilities
01/05/07
PostNuke
PnFlashGames Module "cid" SQL Injection
01/05/07
Imager
8Bit BMP File Parsing Buffer Overflow Vulnerability
01/05/07
Linux
Kernel IPv6 Type 0 Route Headers Denial of Service
01/05/07
MyServer
Data Processing Denial of Service Vulnerability
01/05/07
SUSE
Update for Multiple Packages
01/05/07
FreeBSD
IPv6 Type 0 Route Headers Denial of Service
01/05/07
Corel
Paint Shop Pro Photo PNG File Handling Buffer Overflow
01/05/07
Secunia
Pi3Web HTTP Request Processing Denial of Service Vulnerability
01/05/07
Adobe
Products PNG.8BI PNG File Handling Buffer Overflow
01/05/07
Sun
Java System Directory Server NSS Denial of Service
01/05/07
IrfanView
Formats Plug-in IFF File Handling Buffer Overflow Vulnerability
01/05/07
Debian
Update for php5
01/05/07
Debian
Update for php4
01/05/07
Debian
Update for clamav
01/05/07