Report an Incident

If you are a CNI organisation and you have encountered or suspect a cyber threat, please complete and return an Incident Reporting Form.

All incident reports provided to the CCIP are treated in the strictest of confidence. Please see our Confidentiality Charter for more details. Read More

New at CCIP

Current e-Bulletin The CCIP e-Bulletin provides a snapshot of security related news
Read More

Centre for Critical Infrastructure Protection

Home | Vulnerabilities | Vulnerability Alert Archives | August 2007

August 2007

The following table includes the Vulnerability Alerts for the month.

Note: These links reference external sites. CCIP can not accept responsibility for outdated links or such links contents.

Reference	Description	Date
Cisco	CallManager / CUCM Cross-Site Scripting and SQL Injection	31/08/07
Debian	Update for postfix-policyd	31/08/07
Yahoo!	Messenger YVerInfo.dll ActiveX Control Buffer Overflow	31/08/07
Pakupaku	CMS File Upload and Local File Inclusion	31/08/07
Ubuntu	Update for tcp-wrappers	31/08/07
Debian	Update for lighttpd	31/08/07
Doomsday	Multiple Vulnerabilities	31/08/07
SUSE	Update for opera	31/08/07
PDFedit	"StreamPredictor" Multiple Vulnerabilities	30/08/07
BEA	WebLogic Multiple Vulnerabilities and Security Issues	30/08/07
Mandriva	Update for kernel	30/08/07
Debian	Update for rsync	30/08/07
BEA	JRockit Multiple Vulnerabilities	30/08/07
Novell	Client NWSPOOL.DLL Buffer Overflow Vulnerabilities	30/08/07
Oracle	JInitiator "beans.ocx" ActiveX Control Buffer Overflow Vulnerabilities	30/08/07
BIND	8 Predictable DNS Query IDs Vulnerability	29/08/07
Secunia	MSN Messenger Video Conversation Buffer Overflow Vulnerability	29/08/07
BitchX	"MODE" Buffer Overflow	29/08/07
Subversion	Client Directory Traversal Vulnerability	29/08/07
Motorola	Timbuktu Pro Directory Traversal and Buffer Overflows	29/08/07
TortoiseSVN	Client Directory Traversal Vulnerability	29/08/07
ACTi	NVR Server nvUtility.Utility ActiveX Control Insecure Methods	29/08/07
Ubuntu	Update for mozilla-thunderbird	29/08/07
2532\|Gigs	"language" Local File Inclusion	29/08/07
SGI	Advanced Linux Environment Multiple Updates	28/08/07
Debian	Update for asterisk	28/08/07
Helix	DNA Server RTSP Buffer Overflow	28/08/07
ALPass	"Import Site Information" Multiple Vulnerabilities	28/08/07
Thomson	SpeedTouch 2030 Denial of Service Vulnerability	28/08/07
Grandstream	GXV3000 Eavesdropping and Denial of Service Vulnerability	27/08/07
Mandriva	Update for gimp	27/08/07
Ipswitch	WS_FTP Server Script Insertion Vulnerability	27/08/07
Media Player	Classic FLI File Processing Buffer Overflow	27/08/07
Sophos	Anti-Virus UPX and BZIP Processing Denial of Service Vulnerabilities	27/08/07
Joomla	Nice Talk Component "tagid" SQL Injection	27/08/07
Soldat	Multiple Denial of Service Vulnerabilities	27/08/07
rPath	Update for rsync	24/08/07
Gentoo	Update for opera	24/08/07
Gentoo	Update for qt	24/08/07
Rogue Trooper	Asura Engine Packet Handling Buffer Overflow	24/08/07
PRISM	Guard Shield Asura Engine Packet Handling Buffer Overflow	24/08/07
Asterisk	SIP Channel Driver Dialog History Memory Exhaustion	23/08/07
Trend Micro	Products SSAPI Module Long Path Processing BufferOverflow	23/08/07
ClamAV	Multiple Denial of Service Vulnerabilities	23/08/07
Trend Micro	ServerProtect Multiple Buffer Overflow Vulnerabilities	23/08/07
IBM	AIX BIND Predictable DNS Query IDs Vulnerability	23/08/07
Secunia	Joomla SimpleFAQ Component "aid" SQL Injection	23/08/07
EMC	NetWorker Remote Exec Service Buffer Overflow	22/08/07
Ubuntu	Update for rsync	22/08/07
Debian	Update for koffice	22/08/07
Mandriva	Update for rsync	22/08/07
Mandriva	Update for libvorbis	22/08/07
Yahoo!	Messenger Webcam JPEG 2000 Processing Buffer Overflow	21/08/07
rFactor	Multiple Vulnerabilities	21/08/07
Mercury	Mail Transport System SMTP AUTH CRAM-MD5 Buffer Overflow	21/08/07
Slackware	Update for tcpdump	21/08/07
SUSE	Update for Multiple Packages	21/08/07
Debian	Update for kernel	20/08/07
Secunia	JobLister index.php Two SQL Injection Vulnerabilities	20/08/07
Red Hat	update for RealPlayer	20/08/07
Gentoo	Update for lighttpd	20/08/07
Nortel	Products BIND Predictable DNS Query IDs Vulnerability	20/08/07
Gentoo	Update for wireshark	20/08/07
rsync	"f_name()" Off-By-One Vulnerability	17/08/07
Sun	JRE Font Parsing Vulnerability	17/08/07
IBM	DB2 Multiple Vulnerabilities	17/08/07
Dell	Remote Access Card SSH Denial of Service Vulnerability	17/08/07
Opera	JavaScript Invalid Pointer Vulnerability	16/08/07
Motive	Communications ActiveUtils EmailData ActiveX Buffer Overflow Vulnerabilities	16/08/07
IBM / Lenovo	Access Support acpRunner ActiveX Multiple Vulnerabilities	16/08/07
rPath	Update for openoffice.org	16/08/07
Mandriva	Update for kdegraphics	16/08/07
Gentoo	Update for Mozilla Products	16/08/07
Secunia	PHPCentral Poll "_SERVER[DOCUMENT_ROOT]" File Inclusion	16/08/07
Mandriva	Update for koffice	16/08/07
Mandriva	Update for tetex	16/08/07
Microsoft	Internet Explorer Multiple Vulnerabilities	15/08/07
Microsoft	XML Core Services Memory Corruption Vulnerability	15/08/07
Microsoft	Windows Vector Markup Language Buffer Overflow	15/08/07
Microsoft	Windows Vista Gadgets Code Execution Vulnerabilities	15/08/07
Microsoft	Windows OLE Automation Memory Corruption Vulnerability	15/08/07
Microsoft	Graphics Rendering Engine Image Handling Vulnerability	15/08/07
Microsoft	Media Player Skin Handling Code Execution Vulnerabilities	15/08/07
Microsoft	Excel rtWnDesk Record Memory Corruption Vulnerability	15/08/07
Fedora	Commons Empty LDAP Passwords Authentication Bypass	15/08/07
Debian	Update for kdegraphics	15/08/07
Debian	Update for gpdf	15/08/07
Mandriva	Update for xpdf	15/08/07
pdftohtml	"StreamPredictor::StreamPredictor()" Integer OverflowVulnerability	15/08/07
Mandriva	Update for pdftohtml	15/08/07
Mandriva	Update for poppler	15/08/07
Slackware	Update for seamonkey	14/08/07
Slackware	Update for qt	14/08/07
Debian	Update for tcpdump	14/08/07
SUSE	Update for Multiple Packages	14/08/07
Trustix	Update for Multiple Packages	14/08/07
Slackware	Update for gimp	14/08/07
Slackware	Update for xpdf	14/08/07
Gentoo	Update for squirrelmail	14/08/07
Gentoo	Update for gd	13/08/07
Gentoo	Update for clamav	13/08/07
Secunia	SAS Hotel Management System Administrator Login SQL Injection	13/08/07
Gentoo	Update for libarchive	10/08/07
Gentoo	Update for xvid	10/08/07
Gentoo	Update for netscape-flash	10/08/07
Cisco	Unified Communications Manager SIP Packet ProcessingVulnerability	10/08/07
Cisco	IOS Voice Service Multiple Protocol Handling Vulnerabilities	10/08/07
Cisco	IOS Next Hop Resolution Protocol Buffer Overflow	10/08/07
Cisco	IOS IPv6 Routing Header Information Disclosure and Denial ofService	10/08/07
HP-UX	11.11 ldcconn Buffer Overflow Vulnerability	10/08/07
Symantec	Products NavComUI ActiveX Control Code Execution	10/08/07
Red Hat	update for java-1.5.0-ibm	09/08/07
Debian	Update for pdfkit.framework	09/08/07
Ubuntu	Update for poppler	09/08/07
Debian	Update for bochs	09/08/07
Debian	Update for tetex-bin	08/08/07
Red Hat	update for java-1.5.0-sun	08/08/07
Red Hat	update for java-1.4.2-ibm	08/08/07
Red Hat	update for kdegraphics	08/08/07
Secunia	Gallery in a Box Administrator Login SQL Injection	07/08/07
Mandriva	Update for gd	07/08/07
Secunia	Next Gen Portfolio Manager SQL Injection Vulnerabilities	07/08/07
SUSE	Update for Multiple Packages	07/08/07
HP	System Management Homepage Apache and OpenSSL Vulnerabilities	07/08/07
Debian	Update for iceape	07/08/07
Debian	Update for poppler	07/08/07
Slackware	Update for thunderbird	07/08/07
Debian	Update for xpdf	07/08/07
Debian	Update for iceweasel	07/08/07
Debian	Update for xulrunner	07/08/07
Debian	Update for libextractor	07/08/07
HP-UX	Update for Bind	07/08/07
Secunia	LANAI CMS module.php SQL Injection	07/08/07
Sun	Java System Portal Server XSLT Processing Vulnerability	07/08/07
Tor	Unspecified ControlPort "torrc" Rewrite Vulnerability	06/08/07
SUSE	Update for MozillaFirefox, MozillaThunderbird, and Seamonkey	06/08/07
Ubuntu	Update for koffice	06/08/07
Ubuntu	Update for qt	06/08/07
SUSE	Update for qt3	03/08/07
FreeBSD	Update for tcpdump	03/08/07
rPath	Update for qt-x11-free	03/08/07
Slackware	Update for firefox	03/08/07
Secunia	Ipswitch IMail Server "SEARCH" Command Multiple Buffer Overflows	03/08/07
Mandriva	Update for mozilla-firefox	03/08/07
Ubuntu	Update for gimp	03/08/07
FreeBSD	Update for bind	03/08/07
Mandriva	Update for qt3	03/08/07
SUSE	Update for bind	03/08/07
Music	Box libvorbis Multiple Vulnerabilities	02/08/07
Mac	OS X Security Update Fixes Multiple Vulnerabilities	02/08/07
teTeX	Xpdf "StreamPredictor::StreamPredictor()" Integer Overflow	02/08/07
Apple	IPhone Multiple Vulnerabilities	02/08/07
Red Hat	update for qt	02/08/07
Ubuntu	Update for firefox	02/08/07
QT	QTextEdit Error Message Handling Format String Vulnerability	02/08/07
Red Hat	update for tetex	02/08/07
Hitachi	JP1/Cm2/Hierarchical Viewer Unspecified Denial of Service	01/08/07
Avaya	Products Linux Kernel Multiple Vulnerabilities	01/08/07
Red Hat	update for xpdf	01/08/07
Xpdf	"StreamPredictor::StreamPredictor()" Integer OverflowVulnerability	01/08/07
KDE	And KOffice "StreamPredictor::StreamPredictor()" Integer Overflow	01/08/07
Ubuntu	Update for tcpdump	01/08/07
Red Hat	update for cups	01/08/07
Red Hat	update for poppler	01/08/07
Mozilla	Products Addon Chrome-Loaded "about:blank" Cross-ContextScripting	01/08/07
Red Hat	update for gpdf	01/08/07
HP-UX	ARPA Transport Unspecified Denial of Service	01/08/07
Secunia	E-commerceScripts Products admin.aspx SQL Injection	01/08/07