January 2008

The following table includes the Vulnerability Alerts for the month.

Note: These links reference external sites. CCIP cannot accept responsibility for outdated links or the contents of such links.

Reference | Description | Date
XnView | NConvert Radiance RGBE Buffer Overflow | 31/01/08
Debian | Update for mysql-dfsg-5.0 | 31/01/08
Mambo | LaiThai Multiple Vulnerabilities | 31/01/08
Fedora | Update for xine-lib | 31/01/08
WordPress | WP-Cal Plugin "id" SQL Injection | 31/01/08
Secunia | ASPired2Protect login.asp SQL Injection Vulnerabilities | 31/01/08
Simple | Forum Multiple Vulnerabilities | 31/01/08
IBM | Informix Storage Manager XDR Library Multiple Vulnerabilities | 31/01/08
Persits | Software XUpload "AddFile()" Method Buffer Overflow | 31/01/08
IrfanView | FlashPix Plug-in Memory Corruption Vulnerability | 31/01/08
IBM | Hardware Management Console Pegasus CIM Denial of Service | 31/01/08
Mambo | Multiple Vulnerabilities | 31/01/08
SUSE | Update for php4 and php5 | 30/01/08
Gentoo | Update for cherrypy | 30/01/08
Firebird | "username" Buffer Overflow Vulnerability | 29/01/08
Gentoo | Update for ngircd | 29/01/08
Debian | Update for yarssr | 29/01/08
Gentoo | Update for xine-lib | 29/01/08
Proficy | HMI/SCADA - CIMPLICITY w32rtr.exe Packet Processing Buffer Overflow | 29/01/08
phpIP | Management Two SQL Injection Vulnerabilities | 29/01/08
Secunia | Pre Dynamic Institution Multiple SQL Injection Vulnerabilities | 29/01/08
Fedora | Update for icu | 29/01/08
Tiger | Php News System "catid" SQL Injection | 28/01/08
Move | Networks Upgrade Manager Upgrade Class ActiveX Control Buffer Overflow | 28/01/08
rPath | Update for CherryPy | 28/01/08
Fedora | Update for hsqldb | 28/01/08
Seagull | PHP Framework "files" Information Disclosure | 28/01/08
International Components | for Unicode Regular Expressions Vulnerabilities | 28/01/08
Secunia | Docsvault Firebird Service Buffer Overflow Vulnerabilities | 28/01/08
Red Hat | Update for icu | 28/01/08
SUSE | Update for Multiple Packages | 28/01/08
Liquid-Silver | CMS "update" Local File Inclusion | 28/01/08
Cisco | PIX and ASA Time-To-Live Denial of Service Vulnerability | 28/01/08
HTTP | File Server Multiple Vulnerabilities | 28/01/08
HP-UX | ARPA Transport Unspecified Denial of Service Vulnerability | 28/01/08
Debian | Update for exiv2 | 28/01/08
Gentoo | Update for tikiwiki | 28/01/08
Lycos | FileUploader Module File Upload Component ActiveX Control Buffer Overflow | 25/01/08
PHP-Nuke | "modules/Search/index.php" SQL Injection | 25/01/08
Fedora | Update for clamav | 25/01/08
"Storm Love" | New Outbreak Campaign | 24/01/08
Interstage | HTTP Server Multiple Vulnerabilities | 24/01/08
Debian | Update for libvorbis | 24/01/08
Debian | Update for xine-lib | 24/01/08
Lama | Software "MY_CONF[classRoot]" File Inclusion Vulnerabilities | 24/01/08
WebSphere | Application Server Two Vulnerabilities | 24/01/08
Secunia | Citadel SMTP "makeuserkey()" Buffer Overflow Vulnerability | 24/01/08
HP | Virtual Rooms Install HPVirtualRooms14 Class ActiveX Control Buffer Overflow | 23/01/08
Mandriva | Update for cairo | 23/01/08
Fedora | Update for cairo | 23/01/08
Gentoo | Update for netscape-flash | 23/01/08
Microsoft | Visual Basic ".dsr" File Handling Buffer Overflows | 23/01/08
MyBB | SQL Injection and Cross-Site Request Forgery Vulnerabilities | 23/01/08
Small Axe | Weblog linkbar.php File Inclusion Vulnerabilities | 23/01/08
Debian | Update for horde3 | 23/01/08
Debian | Update for flac | 23/01/08
Toshiba | Surveillix RecordSend Class ActiveX Control Buffer Overflows | 23/01/08
Secunia | PhpAutoVideo File Inclusion and Cross-Site Scripting | 23/01/08
Red Hat | Update for wireshark | 23/01/08
Secunia | Numara FootPrints Arbitrary Command Execution | 23/01/08
IBM | WebSphere Application Server serveServletsByClassnameEnabled Vulnerability | 22/01/08
WordPress | WP-Forum Plugin "user" SQL Injection | 22/01/08
HP | Oracle for OpenView Multiple Vulnerabilities | 22/01/08
Fa | Name "id" SQL Injection Vulnerability | 22/01/08
Fa | Persian Petition "id" SQL Injection Vulnerability | 22/01/08
RTSP | MPEG4 SP Control ActiveX Control "MP4Prefix" Property Buffer Overflow | 22/01/08
Winamp | Ultravox Streaming Metadata Parsing Buffer Overflows | 22/01/08
Openfire | Jetty Information Disclosure Vulnerability | 22/01/08
Secunia | Clever Copy SQL Injection and Cross-Site Scripting | 22/01/08
Microsoft | Visual FoxPro ActiveX Controls Insecure Methods | 22/01/08
Mini | File Host "language" Local File Inclusion | 22/01/08
Cisco | Unified Communications Manager CTL Provider Service Buffer Overflow | 18/01/08
Citrix | Presentation Server IMA Service Buffer Overflow Vulnerability | 18/01/08
MyBB | PHP Code Execution and SQL Injection Vulnerabilities | 18/01/08
Microsoft | Excel File Handling Code Execution | 17/01/08
Fedora | Update for xine-lib | 17/01/08
Microsoft | Excel File Handling Code Execution | 17/01/08
rPath | Update for libxml2 | 17/01/08
HP-UX | Update for xfs | 17/01/08
rPath | Update for cairo | 17/01/08
Apple | QuickTime Multiple Vulnerabilities | 17/01/08
Apple | iPhone / iPod touch Multiple Vulnerabilities | 17/01/08
Oracle | Products Multiple Vulnerabilities | 17/01/08
Lotus | Sametime Client Script Execution Vulnerability | 17/01/08
Apple | QuickTime RTSP Reply Reason-Phrase Buffer Overflow | 17/01/08
Drupal | Multiple Vulnerabilities | 17/01/08
Ubuntu | Update for libxml2 | 17/01/08
FreeBSD | "inet_network()" Off-By-One Vulnerability | 17/01/08
Sun | Solaris Libxml2 UTF-8 Parsing Denial of Service | 16/01/08
Debian | Update for gforge | 16/01/08
Secunia | MySQL yaSSL Multiple Vulnerabilities | 16/01/08
Microsoft | Visual InterDev ".sln" File Handling Buffer Overflow | 16/01/08
Fedora | Update for drupal | 16/01/08
Debian | Update for libxml2 | 16/01/08
Fedora | Update for tog-pegasus | 16/01/08
Mandriva | Update for libxml2 | 16/01/08
Fedora | Update for libxml2 | 15/01/08
Drupal | Meta Tags Module Arbitrary Code Execution | 15/01/08
SUSE | Update for cups | 14/01/08
IBM | Tivoli Storage Manager Express Buffer Overflow Vulnerability | 14/01/08
Secunia | Oracle Siebel SimBuilder NCTAudioFile2 ActiveX Control Buffer Overflow | 14/01/08
Red Hat | Update for libxml2 | 14/01/08
AOL | Radio AOLMediaPlaybackControl.exe Buffer Overflow Vulnerability | 14/01/08
Ubuntu | Update for squid | 14/01/08
Gentoo | Update for squid | 14/01/08
Mandriva | Update for libexif | 14/01/08
McAfee | E-Business Server Authentication Packet Handling Vulnerability | 14/01/08
R | PCRE Multiple Vulnerabilities | 14/01/08
Gentoo | Update for R | 14/01/08
IMP | Mail Deletion Security Bypass Vulnerability | 14/01/08
Secunia | Multiple Horde Products Security Bypass | 14/01/08
IBM | Lotus Domino Unspecified Denial of Service | 14/01/08
Kolab | Server ClamAV Multiple Vulnerabilities | 11/01/08
VLC | Media Player SDP Processing Buffer Overflow Vulnerability | 11/01/08
Ingate | Firewall and SIParator Port Exhaustion Denial of Service | 11/01/08
Avaya | Products Perl Regular Expressions Unicode Data Buffer Overflow | 11/01/08
Ubuntu | Update for opal | 11/01/08
Ubuntu | Update for cups | 11/01/08
Mandriva | Update for clamav | 11/01/08
Gateway | CWebLaunchCtl ActiveX Control "DoWebLaunch()" Vulnerabilities | 11/01/08
Debian | Update for libarchive | 11/01/08
HP-UX | Update for Thunderbird | 10/01/08
HP-UX | Update for Firefox | 10/01/08
Debian | Update for freetype | 10/01/08
SUSE | Update for opera | 09/01/08
VMware | ESX Server and VirtualCenter Multiple Security Updates | 09/01/08
Red Hat | Update for tog-pegasus | 09/01/08
Microsoft | Windows TCP/IP Implementation Vulnerabilities | 09/01/08
VMware | ESX Server Multiple Security Updates | 09/01/08
rPath | Update for libexif | 09/01/08
Fedora | Update for python-cherrypy | 09/01/08
Debian | Update for eggdrop | 09/01/08
rPath | Update for tetex | 09/01/08