Report an Incident

If you are a CNI organisation and you have encountered or suspect a cyber threat, please complete and return an Incident Reporting Form.

All incident reports provided to the CCIP are treated in the strictest of confidence. Please see our Confidentiality Charter for more details. Read More

New at CCIP

Current e-Bulletin The CCIP e-Bulletin provides a snapshot of security related news
Read More

Centre for Critical Infrastructure Protection

Home | Vulnerabilities | Vulnerability Alert Archives | April 2008

April 2008

The following table includes the Vulnerability Alerts for the month.

Note: These links reference external sites. CCIP can not accept responsibility for outdated links or such links contents.

Reference	Description	Date
Imager	Image-Based Fill Buffer Overflow Vulnerability	30/04/08
Slackware	Update for libpng	30/04/08
Sun	StarOffice/StarSuite Multiple Vulnerabilities	30/04/08
SUSE	Update for Multiple Packages	30/04/08
Gentoo	Update for comix	30/04/08
SUSE	Update for IBM Java	30/04/08
KDE	KHTML PNG Processing Buffer Overflow Vulnerability	30/04/08
E-Post	Mail Server POP3 Password Disclosure Vulnerability	30/04/08
Secunia	WordPress Download Monitor Plugin "id" SQL Injection Vulnerability	30/04/08
Sun	Java System Directory Server "bind-dn" Security Bypass	30/04/08
Red Hat	update for java-1.5.0-bea	30/04/08
Red Hat	update for java-1.4.2-bea	30/04/08
WordPress	PHP Code Execution and Cross-Site Scripting	30/04/08
ZoneMinder	Unspecified Code Execution Vulnerabilities	29/04/08
SUSE	Update for clamav	28/04/08
Debian	Update for xulrunner	28/04/08
HP	Oracle for OpenView Multiple Vulnerabilities	28/04/08
Gentoo	Update for cups	28/04/08
SUSE	Update for OpenOffice_org	28/04/08
Red Hat	update for openoffice.org	28/04/08
Red Hat	update for openoffice.org	28/04/08
Gentoo	Update for speex	28/04/08
Debian	Update for clamav	28/04/08
Sweep Speex	Header Processing Vulnerability	28/04/08
Trillian	Display Name Processing Memory Corruption	28/04/08
WordPress	Spreadsheet Plugin "ss_id" SQL Injection Vulnerability	28/04/08
RedDot	CMS "LngId" SQL Injection Vulnerability	28/04/08
Secunia	WordPress "cat" Directory Traversal Vulnerability	28/04/08
Gentoo	Update for jrockit-jdk-bin	28/04/08
HP Software	Update HPeDiag ActiveX Control Insecure Methods andBuffer Overflow	28/04/08
Debian	Update for perl	28/04/08
Red Hat	update for kdegraphics	28/04/08
Red Hat	update for xpdf	28/04/08
Debian	Update for xpdf	28/04/08
Gentoo	Update for silc	28/04/08
Slackware	Update for mozilla-firefox	28/04/08
Gentoo	Update for pdns-recursor	28/04/08
Gentoo	Update for netscape-flash	28/04/08
Debian	Update for mplayer	28/04/08
ICQ	Personal Status Processing Buffer Overflow	28/04/08
DBMail	Empty LDAP Passwords Authentication Bypass	28/04/08
Fedora	Update for fedora-ds-admin	28/04/08
Blender	"imb_loadhdr()" Buffer Overflow Vulnerability	28/04/08
Gentoo	Update for dbmail	28/04/08
Slackware	Update for xine-lib	28/04/08
SIPp	"get_remote_video_port_media()" Buffer Overflow Vulnerability	28/04/08
Adobe Products	BMP Handling Buffer Overflow Vulnerability	28/04/08
Fedora	Update for WebKit	28/04/08
TorrentFlux	Cross-Site Request Forgery and PHP Code Execution	28/04/08
Fedora	Update for firefox	28/04/08
Fedora	Update for seamonkey	28/04/08
Debian	Update for roundup	28/04/08
Fedora	Update for openoffice.org	28/04/08
Fedora	Update for mt-daapd	28/04/08
Serendipity	Top Referrers Plugin Script Insertion Vulnerability	28/04/08
Foxit	Reader PDF XObject Processing Memory Corruption	28/04/08
Ubuntu	Update for gnumeric	28/04/08
Ubuntu	Update for firefox	28/04/08
Gentoo	Update for openfire	28/04/08
Debian	Update for iceweasel	28/04/08
Gentoo	Update for vlc	28/04/08
Ubuntu	Update for KOffice	21/04/08
Ubuntu	Update for poppler	21/04/08
RedHat	update for poppler	21/04/08
Poppler	Embedded Fonts Processing Vulnerability	21/04/08
Xpdf	Embedded Fonts Processing Vulnerability	21/04/08
VLC	Speex Header Processing Vulnerability	21/04/08
RedHat	update for ImageMagick	21/04/08
RedHat	update for ImageMagick	21/04/08
Exponent	CMS User Registration Script Insertion	21/04/08
Cisco	Network Admission Control Information Disclosure Security Issue	21/04/08
CA	Products DSM gui_cm_ctrls ActiveX Control Code Execution	21/04/08
OpenOffice	Multiple Vulnerabilities	21/04/08
HP	OpenView Network Node Manager Multiple Vulnerabilities	21/04/08
Safari	Multiple Vulnerabilities	21/04/08
Fedora	Update for libfishsound	21/04/08
Fedora	Update for nagios / nagios-plugins	21/04/08
BEA	JRockit Multiple Vulnerabilities	21/04/08
Secunia	Joomla Jom Comment Component Unspecified SQL Injection	21/04/08
RedHat	update for seamonkey	21/04/08
Mozilla	Firefox Javascript Garbage Collector Vulnerability	21/04/08
RedHat	update for firefox	21/04/08
Mozilla	SeaMonkey Javascript Garbage Collector Vulnerability	21/04/08
Fedora	Update for rsync	21/04/08
xine-lib	NSF Demuxer Buffer Overflow Vulnerability	21/04/08
Fedora	Update for otrs	21/04/08
RedHat	update for speex	21/04/08
Fedora	Update for speex	21/04/08
Kolab	Server ClamAV Multiple Vulnerabilities	18/04/08
Debian	Update for openoffice.org	18/04/08
Carbon	Communities Cross-Site Scripting and SQL Injection	18/04/08
Gentoo	Update for rsync	18/04/08
VMware	ESX Server Multiple Security Updates	18/04/08
Red Hat	update for redhat-ds-admin	18/04/08
DivX	Player Subtitle Parsing Buffer Overflow Vulnerability	17/04/08
Oracle	Products Multiple Vulnerabilities	17/04/08
Gentoo	Update for lighttpd	17/04/08
Ubuntu	Update for rsync	17/04/08
Secunia	Parallels Power Panel Cross-Site Request Forgeries	17/04/08
rsync	"xattr" Integer Overflow Vulnerability	17/04/08
Debian	Update for rsync	17/04/08
Gentoo	Update for tomcat	17/04/08
Gentoo	Update for libpng	17/04/08
Gentoo	Update for opera	17/04/08
CUPS	PNG Filter Integer Overflow Vulnerability	17/04/08
Ubuntu	Update for squid	17/04/08
xine-lib	Speex Header Processing Vulnerability	17/04/08
ClamAV	Upack Processing Buffer Overflow Vulnerability	16/04/08
Debian	Update for gnumeric	16/04/08
EMC	DiskXtender Multiple Vulnerabilities	16/04/08
Nortel Networks	Communication Server Multiple Vulnerabilities	16/04/08
SUSE	Update for flash-player	16/04/08
OmniPCX	Office Information Disclosure Vulnerability	16/04/08
Mandriva	Update for rsync	16/04/08
SUSE	Update for openssh and opera	16/04/08
CcMail	"this_cookie" Security Bypass Vulnerability	16/04/08
libpng	Unknown Chunk Processing Uninitialized Memory Access	16/04/08
1024 CMS	SQL Injection and File Inclusion	15/04/08
Coppermine	Photo Gallery "bridge/coppermine.inc.php" SQL Injection	15/04/08
Debian	Update for vlc	14/04/08
Drupal	Menu System Security Bypass Vulnerabilities	14/04/08
Ubuntu	Update for ghostscript	14/04/08
Debian	Update for libcairo	14/04/08
Gallery	Script Lite "path" Information Disclosure Vulnerability	14/04/08
Debian	Update for pdns-recursor	14/04/08
Tumbleweed	SecureTransport FileTransfer ActiveX Control "TransferFile()" Buffer Overflow	14/04/08
TIBCO	Rendezvous Multiple Buffer Overflow Vulnerabilities	14/04/08
KnowledgeQuest	SQL Injection and Security Bypass	14/04/08
Openfire	Unspecified Denial of Service	11/04/08
Drupal	Simple Access Module Security Bypass	11/04/08
Fedora	Update for xine-lib	11/04/08
Fedora	Update for xine-lib	11/04/08
Adobe	Flash Player Multiple Vulnerabilities	11/04/08
Red Hat	update for flash-plugin	11/04/08
HP	Storage Essentials Software Directory Traversal Vulnerability	11/04/08
Avaya	SIP Enablement Services Multiple Vulnerabilities	11/04/08
Fedora	Update for wireshark	11/04/08
Adobe ColdFusion	CFC Methods Access Security Bypass	11/04/08
Fedora	Update for cups	11/04/08
Fedora	Update for comix	11/04/08
Red Hat	update for squid	11/04/08
HP OpenView Network Node Manager	ovspmd.exe Buffer Overflow	10/04/08
Gentoo	Update for pecl-apc	10/04/08
Debian	Update for lighttpd	10/04/08
Mole "viewsource.php"	Information Disclosure Vulnerabilities	10/04/08
Microsoft	VBScript/JScript Script Decoding Buffer Overflow	10/04/08
Interwoven	WorkSite Web TransferCtrl Class ActiveX ControlDouble-Free Vulnerability	10/04/08
Aztech ADSL2/2+	Shell Command Injection	10/04/08
Secunia	Wikepage "wiki" Information Disclosure Vulnerability	10/04/08
Microsoft Project	Unspecified Code Execution Vulnerability	10/04/08
Microsoft Windows	GDI Image Parsing Buffer Overflows	10/04/08
activePDF	DocConverter Multiple Parsing Vulnerabilities	10/04/08
Autonomy Keyview	SDK Multiple Buffer Overflows	10/04/08
Internet Explorer	Data Stream Handling Vulnerability	10/04/08
Symantec Mail	Security Attachment Parsing Vulnerabilities	10/04/08
Lotus	Notes Multiple Keyview Parsing Vulnerabilities	10/04/08
Symantec	Mail Security for SMTP Attachment Parsing Vulnerabilities	10/04/08
Microsoft Windows	DNS Client Predictable Transaction ID Vulnerability	10/04/08
Microsoft	Windows hxvz.dll ActiveX Control Memory Corruption	09/04/08
Microsoft	Visio Two File Processing Vulnerabilities	09/04/08
Secunia	SmarterMail Web Server Denial of Service Vulnerability	09/04/08
Gentoo	Update for unzip	09/04/08
PHP	Photo Gallery "photo_id" SQL Injection	09/04/08
SUSE	Updates for Multiple Packages	09/04/08
Debian	Update for alsaplayer	09/04/08
Debian	Update for mapserver	09/04/08
SUSE	Update for cups	09/04/08
rPath	Update for cups	09/04/08
rPath	Update for wireshark	09/04/08
Software	Index Script "cid" SQL Injection Vulnerability	09/04/08
Comdev	News Publisher "arcmonth" SQL Injection	08/04/08
Site	Sift Listings "id" SQL Injection	08/04/08
Links	Directory "cat_id" SQL Injection Vulnerability	08/04/08
Red Hat	update for thunderbird	07/04/08
Debian	Update for xpdf	07/04/08
Orbit	Downloader URL Processing Buffer Overflow Vulnerability	07/04/08
Red Hat	update for java-1.5.0-ibm	07/04/08
Cisco	Unified Communications Disaster Recovery Framework Command Execution	07/04/08
SUSE	Update for MozillaFirefox	07/04/08
Borland	CaliberRM StarTeam Multicast Service Buffer Overflow	07/04/08
Novell	Kerberos KDC Multiple Vulnerabilities	07/04/08
Apple	QuickTime Multiple Vulnerabilities	07/04/08
Ubuntu	Update for cups	07/04/08
Mandriva	Update for cups	07/04/08
SUSE	Update for Sun Java	07/04/08
Secunia	Writer’s Block CMS "PostID" SQL Injection Vulnerability	07/04/08
Opera	Multiple Vulnerabilities	07/04/08
HP	OpenView Network Node Manager Buffer Overflow Vulnerability	07/04/08
Fedora	Update for centerim	04/04/08
Slackware	Update for xine-lib	04/04/08
Fedora	Update for seamonkey	04/04/08
Gentoo	Update for cups	04/04/08
IBM	DB2 Content Manager AllowedTrustedLogin Security Issue	04/04/08
rPath	Update for lighttpd	04/04/08
Red Hat	update for cups	04/04/08
Red Hat	update for cups	04/04/08
lighttpd	OpenSSL Error Queue Denial of Service Vulnerability	03/04/08
Secunia	EasyNews Multiple Vulnerabilities	03/04/08
Sympa	Malformed "Content-Type" Header Denial of Service Vulnerability	03/04/08
Secunia	Sava's GuestBook "action" Local File Inclusion	03/04/08
GnuPG	Duplicated IDs Memory Corruption	03/04/08
Debian	Update for xine-lib	03/04/08
Secunia	EfesTECH Video "catID" SQL Injection Vulnerability	03/04/08
Macrovision	InstallShield InstallScript One-Click Install ActiveXControl Code Execution	03/04/08
Secunia	Sava's Link Manager Two Vulnerabilities	03/04/08
Comix	Arbitrary Shell Command Execution Vulnerability	02/04/08
WordPress	WP-Download Plugin "dl_id" SQL Injection	02/04/08
Perlbal	Chunked Uploads Denial of Service and Directory Traversal	02/04/08
VMware	ESX Server update for libxml2	02/04/08
SUSE	Update for Multiple Packages	02/04/08
Debian	Update for iceweasel	02/04/08
Secunia	CuteFlow Cross-Site Scripting and SQL Injection	02/04/08
Slackware	Update for xine-lib	02/04/08
Slackware	Update for seamonkey	02/04/08
Slackware	Update for mozilla-firefox	02/04/08
Fedora	Update for Perlbal	02/04/08
XnView	Slideshow "FontName" Buffer Overflow Vulnerability	01/04/08