Centre for Critical Infrastructure Protection

Home | Vulnerabilities | Vulnerability Alert Archives | February 2008

February 2008

The following table includes the Vulnerability Alerts for the month.

Note: These links reference external sites. CCIP can not accept responsibility for outdated links or such links contents.

Reference	Description	Date
Red Hat	update for gd	29/02/08
Red Hat	update for netpbm	29/02/08
Gentoo	Update for xine-lib	29/02/08
NetWin	WebMail Format String Vulnerability	29/02/08
D-Link	MPEG4 SHM (Audio) Control ActiveX Control "Url" PropertyBuffer Overflow	29/02/08
Symantec	Products Symantec Decomposer RAR File Handling Vulnerabilities	29/02/08
VLC	Media Player MP4 Demuxer Arbitrary Memory Overwrite	29/02/08
Mozilla	Thunderbird MIME Processing Buffer Overflow Vulnerability	29/02/08
Gentoo	Update for asterisk	29/02/08
Secunia	WordPress Sniplets Plugin Multiple Vulnerabilities	29/02/08
Thecus	N5200 Control Panel "name" File Inclusion Vulnerability	29/02/08
Apple	Mac OS X "ipcomp6_input()" Denial of Service	29/02/08
RTSP	MPEG4 SP Control ActiveX Control "Url" Property Buffer Overflow	29/02/08
Debian	Update for diatheke	28/02/08
Fedora	Update for cups	28/02/08
Fedora	Update for sword	28/02/08
Rising	Online Virus Scanner Web Scan ActiveX Control "UpdateEngine()"Insecure Method	28/02/08
Move	Media Player Quantum Streaming IE Player "UploadLogs()" BufferOverflow	28/02/08
Debian	Update for koffice	28/02/08
Gentoo	Update for python	27/02/08
OpenBSD	Two Denial of Service Vulnerabilities	27/02/08
Quantum	Star "CONFIG[gameroot]" File Inclusion Vulnerabilities	27/02/08
php	Download Manager "content" File Inclusion Vulnerability	27/02/08
SUSE	Update for Multiple Packages	27/02/08
Red Hat	update for acroread	27/02/08
Debian	Update for iceape	27/02/08
Sun	Solaris Firewall Security Bypass and Denial of Service	27/02/08
Joomla!	Gary's Cookbook Component "id" SQL Injection	27/02/08
Xoops	XM-Memberstats Module "letter" and "sortby" SQL Injection	27/02/08
Joomla!	"mosConfig_absolute_path" File Inclusion	27/02/08
VMware	ESX Server Multiple Updates	25/02/08
IBM	AIX Pegasus CIM Server for Director Vulnerabilities	25/02/08
Novell	IPrint Client iPrint Control "ExecuteRequest()" BufferOverflow	25/02/08
Debian	Update for wordpress	25/02/08
Ubuntu	Update for pcre3	25/02/08
Solaris	10 Perl Regular Expressions Unicode Data Buffer Overflow	25/02/08
Gentoo	Udpate for clamav	25/02/08
Red Hat	update for tcltk	25/02/08
Secunia	XOOPS Prayer List Module "cid" SQL Injection	25/02/08
Red Hat	update for tk	25/02/08
Secunia	XOOPS Tiny Event Module "id" SQL Injection	25/02/08
Sybase	SQL Anywhere MobiLink Buffer Overflow Vulnerability	22/02/08
Symantec	Veritas Storage Foundation Administrator Service BufferOverflow	22/02/08
Netscape	Multiple Vulnerabilities	22/02/08
HP	Tru64 UNIX Perl Regular Expressions Vulnerability	22/02/08
IBM	Lotus Notes Java Plug-in Sandbox Security Bypass	22/02/08
Debian	Update for pcre3	22/02/08
Opera	Multiple Vulnerabilities	21/02/08
Debian	Update for libimager-perl	21/02/08
CUPS	"process_browse_data()" Double Free Vulnerability	21/02/08
Fedora	Update for pcre	21/02/08
Kolab	Server ClamAV Multiple Vulnerabilities	21/02/08
SUSE	Update for acroread	21/02/08
WebGUI	User Name Script Insertion Vulnerability	21/02/08
webcamXP	Denial of Service and Information Disclosure	21/02/08
IBM	DB2 Multiple Vulnerabilities	21/02/08
GNOME	GLib PCRE Character Class Buffer Overflow	20/02/08
Mandriva	Update for xine-lib	20/02/08
Fedora	Update for cacti	19/02/08
SUSE	Update for clamav	19/02/08
Debian	Update for clamav	19/02/08
Hosting	Controller Multiple Vulnerabilities	19/02/08
SUSE	Update for MozillaFirefox and seamonkey	19/02/08
WordPress	Search Unleashed Plugin "s" Script Insertion Vulnerability	18/02/08
Red Hat	update for java-1.4.2-ibm	18/02/08
Mandriva	Update for mplayer	18/02/08
Slackware	Update for php4	18/02/08
Red Hat	update for java-1.5.0-sun	18/02/08
PCRE	Character Class Buffer Overflow	18/02/08
Fedora	Update for glib2	15/02/08
Cisco	Unified IP Phone Multiple Vulnerabilities	15/02/08
rPath	Update for SDL_image	15/02/08
FreeBSD	Update for ipsec	15/02/08
Fedora	Update for clamav	15/02/08
Fedora	Update for xine-lib	15/02/08
Fedora	Update for tomcat5	15/02/08
Adobe	Connect Enterprise Server Flash Media Server Vulnerabilities	15/02/08
Adobe	Flash Media Server Edge Server Multiple Vulnerabilities	15/02/08
Debian	Update for mplayer	15/02/08
Fedora	Update for firefox, seamonkey, and gtkmozembedmm	15/02/08
Fedora	Update for firefox, gtkmozembedmm, and Miro	15/02/08
Debian	Update for nagios-plugins	14/02/08
rPath	Update for tk	14/02/08
Fedora	Update for graphviz	14/02/08
Graphviz	GD GIF Handling Buffer Overflow Vulnerability	14/02/08
Gentoo	Update for gnumeric	14/02/08
Novell	Client NWSPOOL.DLL "EnumPrinters()" Buffer Overflow	14/02/08
Gentoo	Update for horde-imp	14/02/08
Gentoo	Update for gallery	14/02/08
Apple	Mac OS X Security Update Fixes Multiple Vulnerabilities	14/02/08
RPM	Remote Print Manager Service "Receive data file" Buffer Overflow	14/02/08
Ajax	Simple Chat Script Insertion Vulnerability	14/02/08
Larson	Network Print Server Format String and Buffer OverflowVulnerabilities	14/02/08
SafeNet	Sentinel Protection Server/Key Server Directory TraversalVulnerability	14/02/08
Secunia	Joomla! Rapid Recipe Component Two SQL Injection Vulnerabilities	14/02/08
Microsoft	Word Unspecified Memory Corruption Vulnerability	13/02/08
Microsoft	Windows OLE Automation Memory Corruption	13/02/08
Microsoft	Office Object Parsing Memory Corruption Vulnerability	13/02/08
Microsoft	Office Publisher File Parsing Vulnerabilities	13/02/08
Microsoft	WebDAV Mini-Redirector Code Execution Vulnerability	13/02/08
Microsoft	Internet Explorer Multiple Vulnerabilities	13/02/08
Microsoft	Internet Information Services Code Execution Vulnerability	13/02/08
Microsoft	Works File Converter File Parsing Vulnerabilities	13/02/08
Cacti	Multiple Vulnerabilities	13/02/08
ClamAV	Multiple Vulnerabilities	13/02/08
Secunia	Sony ImageStation AxRUploadControl ActiveX Control "SetLogging()" Buffer Overflow	13/02/08
Secunia	Husrev BlackBoard "forumid" SQL Injection Vulnerability	13/02/08
Debian	Update for xulrunner	13/02/08
Debian	Update for icedove	13/02/08
Debian	Update for iceweasel	13/02/08
Debian	Update for libexif	13/02/08
IEA	Products Management Web Server Memory Corruption Vulnerability	13/02/08
Debian	Update for sdl-image1.2	13/02/08
Debian	Update for tk8.4	13/02/08
rPath	Update for firefox	13/02/08
Debian	Update for tk8.3	13/02/08
jetAudio	ASX Parsing Buffer Overflow Vulnerability	13/02/08
Apache	Tomcat Multiple Vulnerabilities	12/02/08
Joomla!	XML-RPC / Blogger API Vulnerability	12/02/08
cyan Soft Products	Format String and Denial of Service Vulnerabilities	12/02/08
Open-Realty	"last_module" PHP Code Execution	12/02/08
PowerNews	Multiple Vulnerabilities	12/02/08
Mozilla	SeaMonkey Multiple Vulnerabilities	11/02/08
rPath	Update for gd	11/02/08
Adobe	Reader/Acrobat 7 Multiple Vulnerabilities	11/02/08
SUSE	Update for kernel	11/02/08
Fedora	Update for tk and perl-Tk	11/02/08
Mandriva	Update for tk	11/02/08
Mandriva	Update for SDL_image	11/02/08
SUSE	Update for Multiple Packages	11/02/08
UltraVNC	Vncviewer Multiple Buffer Overflow Vulnerabilities	11/02/08
Mandriva	Update for gd	11/02/08
Ipswitch	Instant Messaging IMServer Denial of Service	11/02/08
Red Hat	update for seamonkey	11/02/08
Mozilla	Firefox Multiple Vulnerabilities	11/02/08
Red Hat	update for firefox	11/02/08
Red Hat	Update for thunderbird	11/02/08
Ubuntu	Update for firefox	11/02/08
Mozilla	Thunderbird Multiple Vulnerabilities	11/02/08
Fedora	Update for gnumeric	11/02/08
ACDSee	Photo Manager XBM File Processing Buffer Overflow	11/02/08
rPath	Update for icu	11/02/08
Gentoo	Doomsday Multiple Vulnerabilities	11/02/08
HP	Storage Essentials SRM Multiple Unspecified Vulnerabilities	11/02/08
IPSwitch	WS_FTP Server Manager Security Bypass	11/02/08
Secunia	SAP SAPSprint Multiple Vulnerabilities	11/02/08
Gentoo	Update for sdl-image	11/02/08
TinTin++ / WinTin++	Multiple Vulnerabilities	11/02/08
OpenBSD	DNS Server PRNG Transaction ID Vulnerability	11/02/08
osCommerce	Customer Testimonials Addon SQL Injection	08/02/08
Mandriva	Update for ImageMagick	08/02/08
Debian	Update for poppler	08/02/08
Adobe	Reader Unspecified Vulnerabilities	08/02/08
Debian	Update for python-cherrypy	08/02/08
Debian	Update for squid	08/02/08
Apple	IPhoto Photocast Format String Vulnerability	08/02/08
Tk	GIF Processing Buffer Overflow Vulnerability	08/02/08
WordPress	MU File Upload and Security Bypass	08/02/08
Documentum	Administrator/Webtop "dmclTrace.jsp" Arbitrary FileOverwrite	08/02/08
Skype	Cross-Zone Scripting Security Enhancement	08/02/08
Sun	JRE Applet Handling Two Vulnerabilities	07/02/08
NetBSD	"ipcomp6_input()" Denial of Service	07/02/08
Openads	Arbitrary PHP Code Execution Vulnerability	07/02/08
Secunia	VHD Web Pack "page" Local File Inclusion Vulnerability	07/02/08
Secunia	WordPress DMSGuestbook Plugin Multiple Vulnerabilities	07/02/08
WinCom	LPD Total Multiple Vulnerabilities	07/02/08
Sun	Solaris ImageMagick Multiple Vulnerabilities	07/02/08
Ubuntu	Update for kernel	07/02/08
MPlayer	Multiple Vulnerabilities	07/02/08
xine-lib	FLAC Processing Memory Corruption Vulnerability	07/02/08
ITechBids	"item_id" SQL Injection and Cross-Site Scripting	07/02/08
Symantec	Backup Exec System Recovery Manager File UploadVulnerability	07/02/08
SAP	GUI SAPLPD Multiple Vulnerabilities	07/02/08
Nero	Media Player M3U Playlist Processing Buffer OverflowVulnerability	07/02/08
Avaya	Products Libxml2 UTF-8 Parsing Denial of Service	07/02/08
Fedora	Update for SDL_image	07/02/08
Joomla	NeoReferences Component "catid" SQL Injection	07/02/08
Facebook	Photo Uploader ActiveX Control Property Handling BufferOverflow	07/02/08
SUSE	Update for IBMJava5-JRE and IBMJava5-SDK	07/02/08
Deluge	"bdecode_recursive()" Stack Overflow Vulnerability	07/02/08
Fedora	Update for deluge	07/02/08
Secunia	Titan FTP Server Command Processing Buffer Overflow	07/02/08
Fedora	Update for rb_libtorrent	07/02/08
Yahoo	Music Jukebox ActiveX Control Buffer Overflows	07/02/08
IBM	DB2 UDB Multiple Vulnerabilities	07/02/08
Magnolia	CE Content Adding Vulnerability	07/02/08
IpSwitch	WS_FTP Server with SSH Buffer Overflow Vulnerability	05/02/08
Secunia	Nilson's Blogger Two Local File Inclusion Vulnerabilities	04/02/08
UltraVNC	Vncviewer "ClientConnection::NegotiateProtocolVersion()"Buffer Overflow	04/02/08
RedHat	update for kernel	04/02/08
VirtueMart	File Disclosure and Cross-Site Request ForgeryVulnerabilities	04/02/08
Gentoo	Update for peercast	04/02/08
Gentoo	Update for libxml2	04/02/08
WordPress	WassUp Plugin "to_date" SQL Injection Vulnerability	04/02/08
Cisco	Wireless Control System Apache Tomcat JK Web Server ConnectorBuffer Overflow	04/02/08
PHP	Links "id" SQL Injection Vulnerability	04/02/08
Gentoo	Update for goffice	04/02/08
Gentoo	Update for kazehakase	04/02/08
Drupal	Comment Upload Module File Upload Vulnerability	04/02/08
MySpace	Uploader Control ActiveX Control "Action" Property BufferOverflow	04/02/08
Gnumeric	XLS HLINK Opcode Processing Code Execution Vulnerability	04/02/08
Drupal	Secure Site Module Security Bypass Vulnerability	04/02/08
Drupal	Project Issue Tracking Module File Upload and Script Insertion	04/02/08
Drupal	OpenID Module "claimed_id" Authority Spoofing	01/02/08
Coppermine	Photo Gallery Multiple Vulnerabilities	01/02/08
Connectix	Boards "template_path" File Inclusion Vulnerability	01/02/08
Secunia	SQLiteManager "spaw_root" File Inclusion Vulnerability	01/02/08
Debian	Update for linux-2.6	01/02/08
Gentoo	Update for maradns	01/02/08
Smart	Publisher "filedata" PHP Code Execution	01/02/08
WordPress	AdServe Plugin "id" SQL Injection	01/02/08
GFL	SDK Radiance RGBE Buffer Overflow Vulnerability	01/02/08
Secunia	PhpCMS "file" File Disclosure Vulnerability	01/02/08

Centre for Critical Infrastructure Protection (CCIP)

Centre for Critical Infrastructure Protection

February 2008