New Zealand Government Website

March 2008

The following table includes the Vulnerability Alerts for the month.

Note: These links reference external sites. CCIP cannot accept responsibility for outdated links or for the content of such links.
Reference | Description | Date
Wireshark | Multiple Denial of Service Vulnerabilities | 31/03/08
HP | TCP/IP Services for OpenVMS SSH Server Vulnerability | 31/03/08
Red Hat | update for seamonkey | 31/03/08
SUSE | Update for epiphany | 31/03/08
rPath | Update for firefox | 31/03/08
Mandriva | Update for sarg | 31/03/08
Debian | Update for exiftags | 31/03/08
Debian | Update for xulrunner | 31/03/08
Debian | Update for iceape | 31/03/08
TFTP | Server SP Long Filename Buffer Overflow Vulnerability | 31/03/08
Red Hat | update for firefox | 31/03/08
Ubuntu | Update for firefox | 31/03/08
Quick | Tftp Server Pro Long Mode Buffer Overflow Vulnerability | 28/03/08
Ubuntu | Update for sdl-image | 28/03/08
Fedora | Update for firefox | 28/03/08
Cisco | IOS Multiple Vulnerabilities | 28/03/08
Cisco | IOS Denial of Service Vulnerability | 28/03/08
Mandriva | Update for perl-Tk | 28/03/08
IBM | SolidDB Multiple Vulnerabilities | 28/03/08
Ubuntu | Update for dovecot | 28/03/08
Debian | Firebird2 Multiple Vulnerabilities | 28/03/08
HP | Tru64 UNIX SSH SFTP Server Vulnerability | 28/03/08
Mozilla | Firefox Multiple Vulnerabilities | 28/03/08
Mozilla | Thunderbird Multiple Vulnerabilities | 28/03/08
SILC | Server "NEW_CLIENT" Packet Denial of Service | 28/03/08
Debian | Update for cupsys | 28/03/08
Secunia | Aeries Browser Interface Cross-Site Scripting and SQL Injection | 28/03/08
Mozilla | SeaMonkey Multiple Vulnerabilities | 28/03/08
File | Transfer Request File Directory Traversal Vulnerability | 28/03/08
PowerBook | "page" Local File Inclusion Vulnerability | 28/03/08
Orb | Networks Orb Variant Array Parsing Integer Overflow | 27/03/08
Gentoo | Update for wireshark | 27/03/08
Gentoo | Update for krb5 | 27/03/08
Ubuntu | Update for libicu | 27/03/08
Debian | Update for serendipity | 27/03/08
Novell | EDirectory LDAP Extended Request Message Processing Buffer Overflow | 27/03/08
Joomla | Rekry!Joom Component "op_id" SQL Injection | 27/03/08
VLC | Media Player "MP4_ReadBox_rdrf()" Buffer Overflow Vulnerability | 27/03/08
Apache | AuthCAS Session ID SQL Injection Vulnerability | 27/03/08
phpBB | EXtreme Styles Module "phpEx" Local File Inclusion | 27/03/08
Joomla | Custompages Component "cpage" File Inclusion | 26/03/08
Fedora | Update for krb5 | 26/03/08
bzip2 | Unspecified Vulnerability | 26/03/08
ASUS | Remote Console DPC Proxy Service Buffer Overflow | 26/03/08
rPath | Update for unzip | 26/03/08
Fedora | Update for xine-lib | 26/03/08
Fedora | Update for asterisk | 26/03/08
rPath | Update for bzip2 | 25/03/08
snircd | "send_user_mode" Denial of Service Vulnerability | 25/03/08
Safari | Address Bar Spoofing and Memory Corruption Vulnerabilities | 25/03/08
Undernet | Ircu "send_user_mode" Denial of Service Vulnerability | 25/03/08
Sun | Solaris rpc.ypupdated Arbitrary Command Execution | 25/03/08
SecureSphere | MX Management Server Alert Script Insertion | 25/03/08
Apple | Aperture/iPhoto DNG Image Parsing Buffer Overflow | 25/03/08
PEEL | Multiple Vulnerabilities | 25/03/08
Ubuntu | Update for mysql-dfsg-5.0 | 25/03/08
Ubuntu | Update for unzip | 25/03/08
Speedport | W500 b_banner.stm Password Disclosure | 25/03/08
CenterIM | URL Parsing Command Execution Vulnerability | 25/03/08
Secunia | Piczo Image Uploader ActiveX Control Buffer Overflows | 25/03/08
xine-lib | Multiple Integer Overflow Vulnerabilities | 25/03/08
Sun | Solaris libexif Integer Overflow Vulnerability | 25/03/08
Joomla | Joovideo Component "id" SQL Injection Vulnerability | 25/03/08
Adobe | Flash FLA File Parsing Vulnerabilities | 25/03/08
Mandriva | Update for krb5 | 25/03/08
rPath | Update for krb5 | 25/03/08
Joomla | Alberghi Component "id" SQL Injection Vulnerability | 25/03/08
Joomla | Restaurante Component "id" SQL Injection Vulnerability | 25/03/08
Gentoo | Update for moinmoin | 25/03/08
CUPS | CGI Buffer Overflow Vulnerability | 25/03/08
Joomla | Acajoom PRO Component "mailingid" SQL Injection | 25/03/08
xine-lib | "sdpplin_parse()" Array Indexing Vulnerability | 25/03/08
Mac | OS X Security Update Fixes Multiple Vulnerabilities | 25/03/08
Kerberos | Multiple Vulnerabilities | 25/03/08
Asterisk | Multiple Vulnerabilities | 25/03/08
WinRAR | Multiple Unspecified Vulnerabilities | 25/03/08
Red Hat | update for unzip | 25/03/08
Mandriva | Update for unzip | 25/03/08
SUSE | Update for krb5 | 25/03/08
Apple | Safari Multiple Vulnerabilities | 25/03/08
Debian | Update for krb5 | 25/03/08
Ubuntu | Update for krb5 | 25/03/08
Red Hat | update for krb5 | 25/03/08
SUSE | Update for cups | 20/03/08
Gentoo | Update for libpcre and glib | 20/03/08
UnZip | "inflate_dynamic()" Uninitialized Pointers Vulnerability | 20/03/08
Debian | Update for unzip | 20/03/08
Debian | Update for ikiwiki | 20/03/08
PHPauction | GPL "include_path" File Inclusion Vulnerabilities | 20/03/08
Gentoo | Update for dovecot | 20/03/08
Home | FTP Server Passive Mode Denial of Service | 20/03/08
Serendipity | Security Bypass and Script Insertion Vulnerabilities | 20/03/08
Debian | Update for dovecot | 19/03/08
Avaya | CMS Solaris Firewall Security Bypass and Denial of Service | 19/03/08
SUSE | Update for Multiple Packages | 19/03/08
Debian | Update for horde3 | 19/03/08
F-Secure | Archives Handling Unspecified Vulnerabilities | 18/03/08
CA | BrightStor ARCserve Backup "ListCtrl" ActiveX Control Buffer Overflow | 18/03/08
Gentoo | Update for live | 17/03/08
CiscoWorks | Internetwork Performance Monitor Arbitrary Command Execution | 17/03/08
SUSE | Update for evolution | 17/03/08
MDaemon | IMAP Server "FETCH" Command Buffer Overflow | 17/03/08
DB2 | Monitoring Console File Upload and Unauthorized Database Access | 17/03/08
Cisco | User-Changeable Password Multiple Vulnerabilities | 17/03/08
Fedora | Update for ruby | 17/03/08
rPath | Update for dovecot | 17/03/08
Gentoo | Update for sarg | 17/03/08
Secunia | StoreFront "CategoryId" SQL Injection Vulnerability | 17/03/08
Fedora | Update for horde | 17/03/08
Fedora | Update for dovecot | 17/03/08
XOOPS | Tutorials Module "tid" SQL Injection | 17/03/08
UnixWare | Update for openssh | 17/03/08
Roundup | Multiple Vulnerabilities | 17/03/08
Fully | Modded phpBB "k" SQL Injection Vulnerability | 17/03/08
Fedora | Update for roundup | 14/03/08
Secunia | EXV2 bamaGalerie "cid" SQL Injection Vulnerability | 14/03/08
McAfee | EPolicy Orchestrator Framework Service Format String Vulnerability | 14/03/08
Red Hat | update for java-1.4.2-bea | 14/03/08
HP-UX | HP CIFS Server Multiple Vulnerabilities | 14/03/08
Gentoo | Update for icu | 14/03/08
Adobe | Form Designer/Form Client Buffer Overflow Vulnerabilities | 14/03/08
IBM | WebSphere Application Server Multiple Vulnerabilities | 14/03/08
Bloo | Multiple SQL Injection Vulnerabilities | 13/03/08
Gentoo | Update for cacti | 13/03/08
RealPlayer | ActiveX Control "Console" Property Memory Corruption | 13/03/08
PHP-Nuke | Hadith Module "cat" SQL Injection | 13/03/08
MaxDB | Multiple Vulnerabilities | 13/03/08
Motorola | Timbuktu Pro Denial of Service and File Upload Vulnerabilities | 13/03/08
Gentoo | Update for mplayer | 13/03/08
Microsoft | Office Web Components Two Vulnerabilities | 13/03/08
Kingsoft | Antivirus Online Update Module ActiveX Control Buffer Overflow | 13/03/08
Joomla! | EWriting Component "cat" SQL Injection | 13/03/08
Microsoft | Outlook "mailto:" URI Handling Vulnerability | 13/03/08
Microsoft | Office Two Code Execution Vulnerabilities | 13/03/08
IBM | Informix Dynamic Server Multiple Vulnerabilities | 12/03/08
Gentoo | Update for vlc | 12/03/08
Sun | Solaris ICU Regular Expressions Vulnerabilities | 12/03/08
MailEnable | IMAP Service Multiple Vulnerabilities | 12/03/08
MailEnable | SMTP Service EXPN/VRFY Denial of Service | 12/03/08
Debian | Update for moin | 12/03/08
Gentoo | Update for ghostscript | 12/03/08
Dovecot | Authentication Bypass Vulnerability | 12/03/08
Beehive | Secure File Transfer Appliance "sfoutbox" Hardcoded FTP Account | 12/03/08
BM | Classifieds Two SQL Injection Vulnerabilities | 12/03/08
Horde | "theme" Local File Inclusion Vulnerability | 11/03/08
Red Hat | Update for java-1.5.0-sun | 10/03/08
Fedora | Update for vdccm | 10/03/08
SynCE | Vdccm Denial of Service and Command Injection | 10/03/08
Zimbra | Collaboration Suite Script Insertion Vulnerability | 10/03/08
PHP-Nuke | Kütüb-i Sitte Module "kid" SQL Injection | 10/03/08
Fedora | Update for lighttpd | 10/03/08
SUSE | Update for kernel-rt | 10/03/08
Fedora | Update for libtirpc | 10/03/08
Fedora | Update for evolution | 10/03/08
Fedora | Update for pcre | 10/03/08
Fedora | Update for nx | 10/03/08
Fedora | Update for kronolith | 10/03/08
SUSE | Update for Multiple Packages | 10/03/08
Gentoo | Update for lighttpd | 10/03/08
Debian | Update for evolution | 10/03/08
Ubuntu | Update for evolution | 10/03/08
Programmer's | Notepad ctags Processing Buffer Overflow | 10/03/08
SUSE | Update for cups | 10/03/08
Ruby | WEBrick Information Disclosure Vulnerabilities | 10/03/08
Gentoo | Update for evolution | 10/03/08
Mandriva | Update for tcl | 10/03/08
Linux | Kiss Server "log_message()" Format String Vulnerability | 07/03/08
Gentoo | Update for win32codecs | 07/03/08
PacketTrap | Pt360 TFTP Server Two Vulnerabilities | 07/03/08
Gentoo | Update for opera | 07/03/08
Red Hat | update for java-1.5.0-bea | 07/03/08
Red Hat | update for evolution | 06/03/08
Sun | Java JDK / JRE Unspecified Vulnerabilities | 06/03/08
Fedora | Update for ghostscript | 06/03/08
Debian | Update for libicu | 06/03/08
Borland | VisiBroker Smart Agent Packet Handling Vulnerabilities | 06/03/08
Gentoo | Update for sword | 06/03/08
Mandriva | Update for wireshark | 06/03/08
Slackware | Update for mozilla-thunderbird | 05/03/08
Gentoo | Update for firebird | 05/03/08
Ubuntu | Update for thunderbird | 05/03/08
rPath | Update for thunderbird | 05/03/08
rPath | Update for wireshark | 05/03/08
Slackware | Update for ghostscript | 05/03/08
Gentoo | Update for acroread | 05/03/08
Secunia | NetOffice Dwins Authentication Bypass | 04/03/08
rPath | Update for espgs | 03/03/08
SUSE | Update for ghostscript | 03/03/08
Mandriva | Update for ghostscript | 03/03/08
Symantec | Backup Exec Calendar Control Multiple Vulnerabilities | 03/03/08
Fedora | Update for thunderbird | 03/03/08
SUSE | Update for opera | 03/03/08
NetBSD | FAST_IPSEC "ipsec4_get_ulp()" Security Bypass | 03/03/08
Fedora | Update for turba | 03/03/08
rPath | Update for lighttpd | 03/03/08
rPath | Update for pcre | 03/03/08
Fedora | Update for imp | 03/03/08
Fedora | Update for horde | 03/03/08
Trend | Micro OfficeScan CGI Module and Policy Server Buffer Overflows | 03/03/08
Ghostscript | "zseticcspace()" Buffer Overflow Vulnerability | 03/03/08
Wireshark | Multiple Denial of Service Vulnerabilities | 03/03/08
Debian | Update for ghostscript | 03/03/08
Red Hat | update for ghostscript | 03/03/08
ICQ | Message Processing Format String Vulnerability | 03/03/08
IBM | AIX libc "inet_network()" Off-By-One Vulnerability | 03/03/08