February 2008

The following table includes the Vulnerability Alerts for the month.

Note: These links reference external sites. CCIP cannot accept responsibility for outdated links or for the content of such links.

| Reference | Description | Date |
|---|---|---|
| Red Hat | update for gd | 29/02/08 |
| Red Hat | update for netpbm | 29/02/08 |
| Gentoo | Update for xine-lib | 29/02/08 |
| NetWin | WebMail Format String Vulnerability | 29/02/08 |
| D-Link | MPEG4 SHM (Audio) Control ActiveX Control "Url" Property Buffer Overflow | 29/02/08 |
| Symantec | Products Symantec Decomposer RAR File Handling Vulnerabilities | 29/02/08 |
| VLC | Media Player MP4 Demuxer Arbitrary Memory Overwrite | 29/02/08 |
| Mozilla | Thunderbird MIME Processing Buffer Overflow Vulnerability | 29/02/08 |
| Gentoo | Update for asterisk | 29/02/08 |
| Secunia | WordPress Sniplets Plugin Multiple Vulnerabilities | 29/02/08 |
| Thecus | N5200 Control Panel "name" File Inclusion Vulnerability | 29/02/08 |
| Apple | Mac OS X "ipcomp6_input()" Denial of Service | 29/02/08 |
| RTSP | MPEG4 SP Control ActiveX Control "Url" Property Buffer Overflow | 29/02/08 |
| Debian | Update for diatheke | 28/02/08 |
| Fedora | Update for cups | 28/02/08 |
| Fedora | Update for sword | 28/02/08 |
| Rising | Online Virus Scanner Web Scan ActiveX Control "UpdateEngine()" Insecure Method | 28/02/08 |
| Move | Media Player Quantum Streaming IE Player "UploadLogs()" Buffer Overflow | 28/02/08 |
| Debian | Update for koffice | 28/02/08 |
| Gentoo | Update for python | 27/02/08 |
| OpenBSD | Two Denial of Service Vulnerabilities | 27/02/08 |
| Quantum | Star "CONFIG[gameroot]" File Inclusion Vulnerabilities | 27/02/08 |
| php | Download Manager "content" File Inclusion Vulnerability | 27/02/08 |
| SUSE | Update for Multiple Packages | 27/02/08 |
| Red Hat | update for acroread | 27/02/08 |
| Debian | Update for iceape | 27/02/08 |
| Sun | Solaris Firewall Security Bypass and Denial of Service | 27/02/08 |
| Joomla! | Gary's Cookbook Component "id" SQL Injection | 27/02/08 |
| Xoops | XM-Memberstats Module "letter" and "sortby" SQL Injection | 27/02/08 |
| Joomla! | "mosConfig_absolute_path" File Inclusion | 27/02/08 |
| VMware | ESX Server Multiple Updates | 25/02/08 |
| IBM | AIX Pegasus CIM Server for Director Vulnerabilities | 25/02/08 |
| Novell | IPrint Client iPrint Control "ExecuteRequest()" Buffer Overflow | 25/02/08 |
| Debian | Update for wordpress | 25/02/08 |
| Ubuntu | Update for pcre3 | 25/02/08 |
| Solaris | 10 Perl Regular Expressions Unicode Data Buffer Overflow | 25/02/08 |
| Gentoo | Update for clamav | 25/02/08 |
| Red Hat | update for tcltk | 25/02/08 |
| Secunia | XOOPS Prayer List Module "cid" SQL Injection | 25/02/08 |
| Red Hat | update for tk | 25/02/08 |
| Secunia | XOOPS Tiny Event Module "id" SQL Injection | 25/02/08 |
| Sybase | SQL Anywhere MobiLink Buffer Overflow Vulnerability | 22/02/08 |
| Symantec | Veritas Storage Foundation Administrator Service Buffer Overflow | 22/02/08 |
| Netscape | Multiple Vulnerabilities | 22/02/08 |
| HP | Tru64 UNIX Perl Regular Expressions Vulnerability | 22/02/08 |
| IBM | Lotus Notes Java Plug-in Sandbox Security Bypass | 22/02/08 |
| Debian | Update for pcre3 | 22/02/08 |
| Opera | Multiple Vulnerabilities | 21/02/08 |
| Debian | Update for libimager-perl | 21/02/08 |
| CUPS | "process_browse_data()" Double Free Vulnerability | 21/02/08 |
| Fedora | Update for pcre | 21/02/08 |
| Kolab | Server ClamAV Multiple Vulnerabilities | 21/02/08 |
| SUSE | Update for acroread | 21/02/08 |
| WebGUI | User Name Script Insertion Vulnerability | 21/02/08 |
| webcamXP | Denial of Service and Information Disclosure | 21/02/08 |
| IBM | DB2 Multiple Vulnerabilities | 21/02/08 |
| GNOME | GLib PCRE Character Class Buffer Overflow | 20/02/08 |
| Mandriva | Update for xine-lib | 20/02/08 |
| Fedora | Update for cacti | 19/02/08 |
| SUSE | Update for clamav | 19/02/08 |
| Debian | Update for clamav | 19/02/08 |
| Hosting | Controller Multiple Vulnerabilities | 19/02/08 |
| SUSE | Update for MozillaFirefox and seamonkey | 19/02/08 |
| WordPress | Search Unleashed Plugin "s" Script Insertion Vulnerability | 18/02/08 |
| Red Hat | update for java-1.4.2-ibm | 18/02/08 |
| Mandriva | Update for mplayer | 18/02/08 |
| Slackware | Update for php4 | 18/02/08 |
| Red Hat | update for java-1.5.0-sun | 18/02/08 |
| PCRE | Character Class Buffer Overflow | 18/02/08 |
| Fedora | Update for glib2 | 15/02/08 |
| Cisco | Unified IP Phone Multiple Vulnerabilities | 15/02/08 |
| rPath | Update for SDL_image | 15/02/08 |
| FreeBSD | Update for ipsec | 15/02/08 |
| Fedora | Update for clamav | 15/02/08 |
| Fedora | Update for xine-lib | 15/02/08 |
| Fedora | Update for tomcat5 | 15/02/08 |
| Adobe | Connect Enterprise Server Flash Media Server Vulnerabilities | 15/02/08 |
| Adobe | Flash Media Server Edge Server Multiple Vulnerabilities | 15/02/08 |
| Debian | Update for mplayer | 15/02/08 |
| Fedora | Update for firefox, seamonkey, and gtkmozembedmm | 15/02/08 |
| Fedora | Update for firefox, gtkmozembedmm, and Miro | 15/02/08 |
| Debian | Update for nagios-plugins | 14/02/08 |
| rPath | Update for tk | 14/02/08 |
| Fedora | Update for graphviz | 14/02/08 |
| Graphviz | GD GIF Handling Buffer Overflow Vulnerability | 14/02/08 |
| Gentoo | Update for gnumeric | 14/02/08 |
| Novell | Client NWSPOOL.DLL "EnumPrinters()" Buffer Overflow | 14/02/08 |
| Gentoo | Update for horde-imp | 14/02/08 |
| Gentoo | Update for gallery | 14/02/08 |
| Apple | Mac OS X Security Update Fixes Multiple Vulnerabilities | 14/02/08 |
| RPM | Remote Print Manager Service "Receive data file" Buffer Overflow | 14/02/08 |
| Ajax | Simple Chat Script Insertion Vulnerability | 14/02/08 |
| Larson | Network Print Server Format String and Buffer Overflow Vulnerabilities | 14/02/08 |
| SafeNet | Sentinel Protection Server/Key Server Directory Traversal Vulnerability | 14/02/08 |
| Secunia | Joomla! Rapid Recipe Component Two SQL Injection Vulnerabilities | 14/02/08 |
| Microsoft | Word Unspecified Memory Corruption Vulnerability | 13/02/08 |
| Microsoft | Windows OLE Automation Memory Corruption | 13/02/08 |
| Microsoft | Office Object Parsing Memory Corruption Vulnerability | 13/02/08 |
| Microsoft | Office Publisher File Parsing Vulnerabilities | 13/02/08 |
| Microsoft | WebDAV Mini-Redirector Code Execution Vulnerability | 13/02/08 |
| Microsoft | Internet Explorer Multiple Vulnerabilities | 13/02/08 |
| Microsoft | Internet Information Services Code Execution Vulnerability | 13/02/08 |
| Microsoft | Works File Converter File Parsing Vulnerabilities | 13/02/08 |
| Cacti | Multiple Vulnerabilities | 13/02/08 |
| ClamAV | Multiple Vulnerabilities | 13/02/08 |
| Secunia | Sony ImageStation AxRUploadControl ActiveX Control "SetLogging()" Buffer Overflow | 13/02/08 |
| Secunia | Husrev BlackBoard "forumid" SQL Injection Vulnerability | 13/02/08 |
| Debian | Update for xulrunner | 13/02/08 |
| Debian | Update for icedove | 13/02/08 |
| Debian | Update for iceweasel | 13/02/08 |
| Debian | Update for libexif | 13/02/08 |
| IEA | Products Management Web Server Memory Corruption Vulnerability | 13/02/08 |
| Debian | Update for sdl-image1.2 | 13/02/08 |
| Debian | Update for tk8.4 | 13/02/08 |
| rPath | Update for firefox | 13/02/08 |
| Debian | Update for tk8.3 | 13/02/08 |
| jetAudio | ASX Parsing Buffer Overflow Vulnerability | 13/02/08 |
| Apache | Tomcat Multiple Vulnerabilities | 12/02/08 |
| Joomla! | XML-RPC / Blogger API Vulnerability | 12/02/08 |
| cyan Soft Products | Format String and Denial of Service Vulnerabilities | 12/02/08 |
| Open-Realty | "last_module" PHP Code Execution | 12/02/08 |
| PowerNews | Multiple Vulnerabilities | 12/02/08 |
| Mozilla | SeaMonkey Multiple Vulnerabilities | 11/02/08 |
| rPath | Update for gd | 11/02/08 |
| Adobe | Reader/Acrobat 7 Multiple Vulnerabilities | 11/02/08 |
| SUSE | Update for kernel | 11/02/08 |
| Fedora | Update for tk and perl-Tk | 11/02/08 |
| Mandriva | Update for tk | 11/02/08 |
| Mandriva | Update for SDL_image | 11/02/08 |
| SUSE | Update for Multiple Packages | 11/02/08 |
| UltraVNC | Vncviewer Multiple Buffer Overflow Vulnerabilities | 11/02/08 |
| Mandriva | Update for gd | 11/02/08 |
| Ipswitch | Instant Messaging IMServer Denial of Service | 11/02/08 |
| Red Hat | update for seamonkey | 11/02/08 |
| Mozilla | Firefox Multiple Vulnerabilities | 11/02/08 |
| Red Hat | update for firefox | 11/02/08 |
| Red Hat | Update for thunderbird | 11/02/08 |
| Ubuntu | Update for firefox | 11/02/08 |
| Mozilla | Thunderbird Multiple Vulnerabilities | 11/02/08 |
| Fedora | Update for gnumeric | 11/02/08 |
| ACDSee | Photo Manager XBM File Processing Buffer Overflow | 11/02/08 |
| rPath | Update for icu | 11/02/08 |
| Gentoo | Doomsday Multiple Vulnerabilities | 11/02/08 |
| HP | Storage Essentials SRM Multiple Unspecified Vulnerabilities | 11/02/08 |
| IPSwitch | WS_FTP Server Manager Security Bypass | 11/02/08 |
| Secunia | SAP SAPSprint Multiple Vulnerabilities | 11/02/08 |
| Gentoo | Update for sdl-image | 11/02/08 |
| TinTin++ / WinTin++ | Multiple Vulnerabilities | 11/02/08 |
| OpenBSD | DNS Server PRNG Transaction ID Vulnerability | 11/02/08 |
| osCommerce | Customer Testimonials Addon SQL Injection | 08/02/08 |
| Mandriva | Update for ImageMagick | 08/02/08 |
| Debian | Update for poppler | 08/02/08 |
| Adobe | Reader Unspecified Vulnerabilities | 08/02/08 |
| Debian | Update for python-cherrypy | 08/02/08 |
| Debian | Update for squid | 08/02/08 |
| Apple | IPhoto Photocast Format String Vulnerability | 08/02/08 |
| Tk | GIF Processing Buffer Overflow Vulnerability | 08/02/08 |
| WordPress | MU File Upload and Security Bypass | 08/02/08 |
| Documentum | Administrator/Webtop "dmclTrace.jsp" Arbitrary File Overwrite | 08/02/08 |
| Skype | Cross-Zone Scripting Security Enhancement | 08/02/08 |
| Sun | JRE Applet Handling Two Vulnerabilities | 07/02/08 |
| NetBSD | "ipcomp6_input()" Denial of Service | 07/02/08 |
| Openads | Arbitrary PHP Code Execution Vulnerability | 07/02/08 |
| Secunia | VHD Web Pack "page" Local File Inclusion Vulnerability | 07/02/08 |
| Secunia | WordPress DMSGuestbook Plugin Multiple Vulnerabilities | 07/02/08 |
| WinCom | LPD Total Multiple Vulnerabilities | 07/02/08 |
| Sun | Solaris ImageMagick Multiple Vulnerabilities | 07/02/08 |
| Ubuntu | Update for kernel | 07/02/08 |
| MPlayer | Multiple Vulnerabilities | 07/02/08 |
| xine-lib | FLAC Processing Memory Corruption Vulnerability | 07/02/08 |
| ITechBids | "item_id" SQL Injection and Cross-Site Scripting | 07/02/08 |
| Symantec | Backup Exec System Recovery Manager File Upload Vulnerability | 07/02/08 |
| SAP | GUI SAPLPD Multiple Vulnerabilities | 07/02/08 |
| Nero | Media Player M3U Playlist Processing Buffer Overflow Vulnerability | 07/02/08 |
| Avaya | Products Libxml2 UTF-8 Parsing Denial of Service | 07/02/08 |
| Fedora | Update for SDL_image | 07/02/08 |
| Joomla | NeoReferences Component "catid" SQL Injection | 07/02/08 |
| Facebook | Photo Uploader ActiveX Control Property Handling Buffer Overflow | 07/02/08 |
| SUSE | Update for IBMJava5-JRE and IBMJava5-SDK | 07/02/08 |
| Deluge | "bdecode_recursive()" Stack Overflow Vulnerability | 07/02/08 |
| Fedora | Update for deluge | 07/02/08 |
| Secunia | Titan FTP Server Command Processing Buffer Overflow | 07/02/08 |
| Fedora | Update for rb_libtorrent | 07/02/08 |
| Yahoo | Music Jukebox ActiveX Control Buffer Overflows | 07/02/08 |
| IBM | DB2 UDB Multiple Vulnerabilities | 07/02/08 |
| Magnolia | CE Content Adding Vulnerability | 07/02/08 |
| IpSwitch | WS_FTP Server with SSH Buffer Overflow Vulnerability | 05/02/08 |
| Secunia | Nilson's Blogger Two Local File Inclusion Vulnerabilities | 04/02/08 |
| UltraVNC | Vncviewer "ClientConnection::NegotiateProtocolVersion()" Buffer Overflow | 04/02/08 |
| Red Hat | update for kernel | 04/02/08 |
| VirtueMart | File Disclosure and Cross-Site Request Forgery Vulnerabilities | 04/02/08 |
| Gentoo | Update for peercast | 04/02/08 |
| Gentoo | Update for libxml2 | 04/02/08 |
| WordPress | WassUp Plugin "to_date" SQL Injection Vulnerability | 04/02/08 |
| Cisco | Wireless Control System Apache Tomcat JK Web Server Connector Buffer Overflow | 04/02/08 |
| PHP | Links "id" SQL Injection Vulnerability | 04/02/08 |
| Gentoo | Update for goffice | 04/02/08 |
| Gentoo | Update for kazehakase | 04/02/08 |
| Drupal | Comment Upload Module File Upload Vulnerability | 04/02/08 |
| MySpace | Uploader Control ActiveX Control "Action" Property Buffer Overflow | 04/02/08 |
| Gnumeric | XLS HLINK Opcode Processing Code Execution Vulnerability | 04/02/08 |
| Drupal | Secure Site Module Security Bypass Vulnerability | 04/02/08 |
| Drupal | Project Issue Tracking Module File Upload and Script Insertion | 04/02/08 |
| Drupal | OpenID Module "claimed_id" Authority Spoofing | 01/02/08 |
| Coppermine | Photo Gallery Multiple Vulnerabilities | 01/02/08 |
| Connectix | Boards "template_path" File Inclusion Vulnerability | 01/02/08 |
| Secunia | SQLiteManager "spaw_root" File Inclusion Vulnerability | 01/02/08 |
| Debian | Update for linux-2.6 | 01/02/08 |
| Gentoo | Update for maradns | 01/02/08 |
| Smart | Publisher "filedata" PHP Code Execution | 01/02/08 |
| WordPress | AdServe Plugin "id" SQL Injection | 01/02/08 |
| GFL | SDK Radiance RGBE Buffer Overflow Vulnerability | 01/02/08 |
| Secunia | PhpCMS "file" File Disclosure Vulnerability | 01/02/08 |