
September 2007

The following table includes the Vulnerability Alerts for the month.
Note: These links reference external sites. CCIP cannot accept responsibility for outdated links or for the contents of such links.
| Reference | Description | Date |
|---|---|---|
| Microsoft | Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227) | 28/09/07 |
| Novus | "nota_id" SQL Injection Vulnerability | 28/09/07 |
| CA BrightStor | Hierarchical Storage Manager CsAgent Vulnerabilities | 28/09/07 |
| Tk | GIF Processing Buffer Overflow Vulnerability | 28/09/07 |
| PHP-Nuke | Dance Music Module Local File Inclusion | 28/09/07 |
| rPath | Update for openssl | 27/09/07 |
| Red Hat | Update for gimp | 27/09/07 |
| Simple PHP Blog | Cross-Site Scripting and File Upload Vulnerabilities | 27/09/07 |
| Sun | StarOffice Office Suite TIFF Parsing Integer Overflow Vulnerabilities | 26/09/07 |
| Red Hat | Fedora Update for libsndfile | 26/09/07 |
| Secunia | Xitami "If-Modified-Since" Buffer Overflow Vulnerability | 26/09/07 |
| Mandriva | Update for php | 26/09/07 |
| Gentoo | Update for jrockit-jdk-bin | 26/09/07 |
| HP | TCP/IP Services for OpenVMS BIND Vulnerability | 26/09/07 |
| Secunia | CMS Made Simple PHP "eval()" Injection Vulnerability | 26/09/07 |
| Secunia | Helplink "file" File Inclusion Vulnerability | 26/09/07 |
| NetSupport | Manager Client Authentication Bypass Vulnerability | 26/09/07 |
| DFD | Cart "set_depth" Multiple File Inclusion Vulnerabilities | 25/09/07 |
| Secunia | Xcms "cpass.php" Authentication Bypass Vulnerability | 25/09/07 |
| ImageMagick | Multiple Vulnerabilities | 25/09/07 |
| Secunia | Bcoos Arcade "gid" SQL Injection Vulnerability | 25/09/07 |
| Wordsmith | "_path" File Inclusion Vulnerability | 25/09/07 |
| Gentoo | Update for clamav | 24/09/07 |
| Gentoo | Update for rsync | 24/09/07 |
| Mandriva | Update for openoffice.org | 24/09/07 |
| SUSE | Update for OpenOffice_org | 24/09/07 |
| IBM | Tivoli Storage Manager Client Information Disclosure and Buffer Overflow | 24/09/07 |
| Mercury | Mail Transport System IMAPD SEARCH Buffer Overflow | 24/09/07 |
| Red Hat | Update for nfs-utils-lib | 24/09/07 |
| SGI | Advanced Linux Environment Multiple Updates | 24/09/07 |
| OneCMS | "abc" SQL Injection Vulnerability | 24/09/07 |
| VMware | ESX Server Multiple Security Updates | 24/09/07 |
| Red Hat | Update for libvorbis | 24/09/07 |
| VMware | Products Multiple Vulnerabilities | 24/09/07 |
| Secunia | PhpWebGallery "author" Script Insertion | 24/09/07 |
| Gentoo | Update for poppler | 24/09/07 |
| Fedora | Update for qt | 20/09/07 |
| Fedora | Update for openoffice.org | 20/09/07 |
| Sun | Solaris BIND 8 Predictable DNS Query IDs Vulnerability | 20/09/07 |
| Fedora | Update for php | 20/09/07 |
| jetAudio | JetFlExt Class ActiveX Control Insecure Method | 20/09/07 |
| phpBB | Styles Demo Module SQL Injection and Cross-Site Scripting | 20/09/07 |
| Ubuntu | Update for qt | 20/09/07 |
| Gentoo | Update for phpwiki | 20/09/07 |
| Fedora | Update for gd | 20/09/07 |
| rPath | Update for kdebase | 20/09/07 |
| rPath | Update for openoffice.org | 20/09/07 |
| Merak | Mail Server Email Body Script Insertion Vulnerability | 20/09/07 |
| Joomla | Joomla! FlashFun Component "mosConfig_live_site" File Inclusion | 20/09/07 |
| Joomla | Joomla! 12Pictures Component "mosConfig_live_site" File Inclusion | 20/09/07 |
| OpenOffice | Two TIFF Parsing Integer Overflow Vulnerabilities | 19/09/07 |
| Trustix | Update for Multiple Packages | 19/09/07 |
| OpenOffice | TIFF Parsing Integer Overflow Vulnerabilities | 19/09/07 |
| rPath | Update for Multiple php Packages | 19/09/07 |
| Red Hat | Update for openoffice.org | 19/09/07 |
| Debian | Update for openoffice.org | 19/09/07 |
| rPath | Update for lighttpd | 19/09/07 |
| Gentoo | Flac123 Comment Parsing Vulnerability | 19/09/07 |
| phpFFL | "PHPFFL_FILE_ROOT" File Inclusion Vulnerabilities | 19/09/07 |
| Gentoo | Update for eggdrop | 19/09/07 |
| rPath | Update for xorg-x11 | 19/09/07 |
| Secunia | EWire Payment Client "paymentinfo" Arbitrary Command Execution | 18/09/07 |
| PhotoChannel | Networks Photo Upload Plugin ActiveX Control Buffer Overflows | 18/09/07 |
| Gentoo | Update for realplayer | 18/09/07 |
| Avaya Products | Qt QTextEdit Error Message Handling Format String Vulnerability | 18/09/07 |
| Gelato | "post" SQL Injection Vulnerability | 18/09/07 |
| Avaya Products | BIND Predictable DNS Query IDs Vulnerability | 18/09/07 |
| PHP | Webquest "id_actividad" SQL Injection | 18/09/07 |
| Microsoft | Windows CFileFind Class "FindFile()" Buffer Overflow | 18/09/07 |
| Gentoo | Update for kvirc | 17/09/07 |
| Qt | QUtf8Decoder Off-By-One Vulnerability | 17/09/07 |
| Gentoo | Update for streamripper | 17/09/07 |
| Red Hat | Update for qt | 17/09/07 |
| Mandriva | Update for qt | 17/09/07 |
| Secunia | LetterGrade Cross-Site Scripting and Script Insertion Vulnerabilities | 17/09/07 |
| WinSCP | Protocol Handler Command Line Switch Injection | 17/09/07 |
| Microsoft | Visual Studio Two ActiveX Controls Insecure Methods | 17/09/07 |
| GForge | "skill_delete" SQL Injection Vulnerability | 17/09/07 |
| Autodesk | Backburner Manager Server Unauthorized Command Execution | 17/09/07 |
| Alien Arena 2007 | Multiple Vulnerabilities | 17/09/07 |
| Joomla | Joomlaradio Component "mosConfig_live_site" File Inclusion | 17/09/07 |
| Slackware | Update for php | 17/09/07 |
| Mandriva | Update for librpcsecgss | 14/09/07 |
| Plesk | "PLESKSESSID" SQL Injection Vulnerability | 14/09/07 |
| Fedora | Update for lighttpd | 14/09/07 |
| Fedora | Update for wordpress | 14/09/07 |
| Media Player | Classic AVI File Processing Buffer Overflow | 14/09/07 |
| Storm Player | AVI File Processing Buffer Overflow | 14/09/07 |
| Callisto | PhotoParade Player PhPInfo ActiveX Control Buffer Overflow | 14/09/07 |
| Red Hat | Update for kernel | 14/09/07 |
| Secunia | CS GuestBook User Credentials Information Disclosure | 14/09/07 |
| Debian | Update for phpwiki | 14/09/07 |
| Joomla | Restaurante Component File Upload Vulnerability | 14/09/07 |
| Gentoo | Update for mit-krb5 | 14/09/07 |
| IBM | Tivoli Compliance Insight Manager Oracle Multiple Vulnerabilities | 13/09/07 |
| Debian | Update for ktorrent | 13/09/07 |
| WordPress | Script Insertion and SQL Injection Vulnerabilities | 13/09/07 |
| Secunia | TEC Sound Recorder NCTAudioFile2 ActiveX Control Buffer Overflow | 13/09/07 |
| Secunia | Hit-Recorder NCTAudioFile2 ActiveX Control Buffer Overflow | 13/09/07 |
| Debian | Update for jffnms | 13/09/07 |
| Secunia | A-one Software Products NCTAudioFile2 ActiveX Control Buffer Overflow | 13/09/07 |
| Secunia | Plato Products NCTAudioFile2 ActiveX Control Buffer Overflow | 13/09/07 |
| Debian | Update for gforge | 12/09/07 |
| Microsoft | Agent URL Handling Memory Corruption Vulnerability | 12/09/07 |
| Microsoft | Visual Studio Crystal Reports RPT Processing Buffer Overflow | 12/09/07 |
| Secunia | Psi Social Networking Script "u" SQL Injection Vulnerability | 12/09/07 |
| Microsoft | Visual Basic VBP File Processing Buffer Overflow | 12/09/07 |
| Proxy | Anket "id" SQL Injection Vulnerability | 12/09/07 |
| phpMyQuote | "id" SQL Injection and Cross-Site Scripting | 12/09/07 |
| Fedora | Update for snort | 11/09/07 |
| Fedora | Update for clamav | 11/09/07 |
| IBM | WebSphere Application Server Unspecified Vulnerability | 11/09/07 |
| Fedora | Update for gd | 11/09/07 |
| lighttpd | Mod_fastcgi PHP Header Overflow | 11/09/07 |
| Mandriva | Update for krb5 | 10/09/07 |
| Sophos | Anti-Virus Archive Filename Script Insertion Vulnerability | 10/09/07 |
| Mandriva | Update for eggdrop | 10/09/07 |
| rPath | Update for krb5 | 10/09/07 |
| Total Commander | FTP Download Directory Traversal Vulnerability | 10/09/07 |
| ER Mapper | ECW JPEG 2000 Plug-ins NCSView ActiveX Control Buffer Overflows | 10/09/07 |
| Magellan | Explorer FTP Directory Traversal Vulnerability | 10/09/07 |
| Unreal | Commander FTP Download Directory Traversal Vulnerability | 10/09/07 |
| Cisco | Catalyst Content Switching Modules Denial of Service Vulnerabilities | 10/09/07 |
| Cisco | Video Surveillance IP Gateway and Services Platform Authentication Bypass | 10/09/07 |
| Broderbund | Expressit 3DGreetings Player ActiveX Control Multiple Buffer Overflows | 10/09/07 |
| rPath | Update for gd and Multiple php Packages | 10/09/07 |
| Fedora | Update for mapserver | 07/09/07 |
| Sun | Solaris Kerberos RPCSEC_GSS Vulnerability | 07/09/07 |
| Fedora | Update for krb5 | 07/09/07 |
| Fedora | Update for vavoom | 07/09/07 |
| Fedora | Update for claws-mail | 07/09/07 |
| Apple | iTunes Music File Buffer Overflow Vulnerability | 07/09/07 |
| Mambo | AkoBook Component Script Insertion | 07/09/07 |
| Kerberos | Multiple Vulnerabilities | 06/09/07 |
| Debian | Update for krb5 | 06/09/07 |
| Apple | AirPort Extreme Base Station IPv6 Type 0 Route Headers Denial of Service | 06/09/07 |
| Red Hat | Update for krb5 | 06/09/07 |
| Red Hat | Update for cyrus-sasl | 06/09/07 |
| Ubuntu | Update for krb5 and librpcsecgss | 06/09/07 |
| Secunia | Librpcsecgss "svcauth_gss_validate()" Buffer Overflow | 06/09/07 |
| Intuit | QuickBooks Online Edition ActiveX Control Multiple Vulnerabilities | 06/09/07 |
| Debian | Update for librpcsecgss | 06/09/07 |
| Secunia | Pawfaliki "page" Directory Traversal Vulnerability | 06/09/07 |
| SUSE | Update for kernel | 06/09/07 |
| Red Hat | Network Satellite Server Code Execution Vulnerability | 05/09/07 |
| MailMarshal | Tar Archive Directory Traversal | 05/09/07 |
| Apache | Struts XWork Input Validation OGNL Command Injection Vulnerability | 05/09/07 |
| Secunia | Move Media Player Quantum Streaming IE Player ActiveX Control Buffer Overflows | 05/09/07 |
| eZ Publish | Two Security Bypass Vulnerabilities | 05/09/07 |
| Debian | Update for vim | 05/09/07 |
| Debian | Update for kernel | 05/09/07 |
| Debian | Update for clamav | 05/09/07 |
| Virtual | DJ M3U Playlist Buffer Overflow Vulnerability | 05/09/07 |
| Mandriva | Update for clamav | 04/09/07 |
| SUSE | Updates for Multiple Packages | 04/09/07 |
| Slackware | Update for jdk and jre | 04/09/07 |
| Hitachi | JP1/Cm2/Network Node Manager Shared Trace Service Vulnerability | 04/09/07 |
| Hitachi | Cosminexus Products DoS and Buffer Overflow Vulnerabilities | 04/09/07 |
| Ubuntu | Update for kernel | 03/09/07 |
| Shopping Basket | Professional Directory Traversal Vulnerability | 03/09/07 |
| ACG | News Multiple SQL Injection Vulnerabilities | 03/09/07 |
| HP | Tru64 UNIX BIND Predictable DNS Query IDs Vulnerability | 03/09/07 |
| PHP | Multiple Vulnerabilities | 03/09/07 |