April 2008

The following table includes the Vulnerability Alerts for the month.

Note: These links reference external sites. CCIP cannot accept responsibility for outdated links or for the contents of such links.

| Reference | Description | Date |
|---|---|---|
| Imager | Image-Based Fill Buffer Overflow Vulnerability | 30/04/08 |
| Slackware | Update for libpng | 30/04/08 |
| Sun | StarOffice/StarSuite Multiple Vulnerabilities | 30/04/08 |
| SUSE | Update for Multiple Packages | 30/04/08 |
| Gentoo | Update for comix | 30/04/08 |
| SUSE | Update for IBM Java | 30/04/08 |
| KDE | KHTML PNG Processing Buffer Overflow Vulnerability | 30/04/08 |
| E-Post | Mail Server POP3 Password Disclosure Vulnerability | 30/04/08 |
| Secunia | WordPress Download Monitor Plugin "id" SQL Injection Vulnerability | 30/04/08 |
| Sun | Java System Directory Server "bind-dn" Security Bypass | 30/04/08 |
| Red Hat | update for java-1.5.0-bea | 30/04/08 |
| Red Hat | update for java-1.4.2-bea | 30/04/08 |
| WordPress | PHP Code Execution and Cross-Site Scripting | 30/04/08 |
| ZoneMinder | Unspecified Code Execution Vulnerabilities | 29/04/08 |
| SUSE | Update for clamav | 28/04/08 |
| Debian | Update for xulrunner | 28/04/08 |
| HP | Oracle for OpenView Multiple Vulnerabilities | 28/04/08 |
| Gentoo | Update for cups | 28/04/08 |
| SUSE | Update for OpenOffice_org | 28/04/08 |
| Red Hat | update for openoffice.org | 28/04/08 |
| Red Hat | update for openoffice.org | 28/04/08 |
| Gentoo | Update for speex | 28/04/08 |
| Debian | Update for clamav | 28/04/08 |
| Sweep Speex | Header Processing Vulnerability | 28/04/08 |
| Trillian | Display Name Processing Memory Corruption | 28/04/08 |
| WordPress | Spreadsheet Plugin "ss_id" SQL Injection Vulnerability | 28/04/08 |
| RedDot | CMS "LngId" SQL Injection Vulnerability | 28/04/08 |
| Secunia | WordPress "cat" Directory Traversal Vulnerability | 28/04/08 |
| Gentoo | Update for jrockit-jdk-bin | 28/04/08 |
| HP Software | Update HPeDiag ActiveX Control Insecure Methods and Buffer Overflow | 28/04/08 |
| Debian | Update for perl | 28/04/08 |
| Red Hat | update for kdegraphics | 28/04/08 |
| Red Hat | update for xpdf | 28/04/08 |
| Debian | Update for xpdf | 28/04/08 |
| Gentoo | Update for silc | 28/04/08 |
| Slackware | Update for mozilla-firefox | 28/04/08 |
| Gentoo | Update for pdns-recursor | 28/04/08 |
| Gentoo | Update for netscape-flash | 28/04/08 |
| Debian | Update for mplayer | 28/04/08 |
| ICQ | Personal Status Processing Buffer Overflow | 28/04/08 |
| DBMail | Empty LDAP Passwords Authentication Bypass | 28/04/08 |
| Fedora | Update for fedora-ds-admin | 28/04/08 |
| Blender | "imb_loadhdr()" Buffer Overflow Vulnerability | 28/04/08 |
| Gentoo | Update for dbmail | 28/04/08 |
| Slackware | Update for xine-lib | 28/04/08 |
| SIPp | "get_remote_video_port_media()" Buffer Overflow Vulnerability | 28/04/08 |
| Adobe Products | BMP Handling Buffer Overflow Vulnerability | 28/04/08 |
| Fedora | Update for WebKit | 28/04/08 |
| TorrentFlux | Cross-Site Request Forgery and PHP Code Execution | 28/04/08 |
| Fedora | Update for firefox | 28/04/08 |
| Fedora | Update for seamonkey | 28/04/08 |
| Debian | Update for roundup | 28/04/08 |
| Fedora | Update for openoffice.org | 28/04/08 |
| Fedora | Update for mt-daapd | 28/04/08 |
| Serendipity | Top Referrers Plugin Script Insertion Vulnerability | 28/04/08 |
| Foxit | Reader PDF XObject Processing Memory Corruption | 28/04/08 |
| Ubuntu | Update for gnumeric | 28/04/08 |
| Ubuntu | Update for firefox | 28/04/08 |
| Gentoo | Update for openfire | 28/04/08 |
| Debian | Update for iceweasel | 28/04/08 |
| Gentoo | Update for vlc | 28/04/08 |
| Ubuntu | Update for KOffice | 21/04/08 |
| Ubuntu | Update for poppler | 21/04/08 |
| RedHat | update for poppler | 21/04/08 |
| Poppler | Embedded Fonts Processing Vulnerability | 21/04/08 |
| Xpdf | Embedded Fonts Processing Vulnerability | 21/04/08 |
| VLC | Speex Header Processing Vulnerability | 21/04/08 |
| RedHat | update for ImageMagick | 21/04/08 |
| RedHat | update for ImageMagick | 21/04/08 |
| Exponent | CMS User Registration Script Insertion | 21/04/08 |
| Cisco | Network Admission Control Information Disclosure Security Issue | 21/04/08 |
| CA | Products DSM gui_cm_ctrls ActiveX Control Code Execution | 21/04/08 |
| OpenOffice | Multiple Vulnerabilities | 21/04/08 |
| HP | OpenView Network Node Manager Multiple Vulnerabilities | 21/04/08 |
| Safari | Multiple Vulnerabilities | 21/04/08 |
| Fedora | Update for libfishsound | 21/04/08 |
| Fedora | Update for nagios / nagios-plugins | 21/04/08 |
| BEA | JRockit Multiple Vulnerabilities | 21/04/08 |
| Secunia | Joomla Jom Comment Component Unspecified SQL Injection | 21/04/08 |
| RedHat | update for seamonkey | 21/04/08 |
| Mozilla | Firefox Javascript Garbage Collector Vulnerability | 21/04/08 |
| RedHat | update for firefox | 21/04/08 |
| Mozilla | SeaMonkey Javascript Garbage Collector Vulnerability | 21/04/08 |
| Fedora | Update for rsync | 21/04/08 |
| xine-lib | NSF Demuxer Buffer Overflow Vulnerability | 21/04/08 |
| Fedora | Update for otrs | 21/04/08 |
| RedHat | update for speex | 21/04/08 |
| Fedora | Update for speex | 21/04/08 |
| Kolab | Server ClamAV Multiple Vulnerabilities | 18/04/08 |
| Debian | Update for openoffice.org | 18/04/08 |
| Carbon | Communities Cross-Site Scripting and SQL Injection | 18/04/08 |
| Gentoo | Update for rsync | 18/04/08 |
| VMware | ESX Server Multiple Security Updates | 18/04/08 |
| Red Hat | update for redhat-ds-admin | 18/04/08 |
| DivX | Player Subtitle Parsing Buffer Overflow Vulnerability | 17/04/08 |
| Oracle | Products Multiple Vulnerabilities | 17/04/08 |
| Gentoo | Update for lighttpd | 17/04/08 |
| Ubuntu | Update for rsync | 17/04/08 |
| Secunia | Parallels Power Panel Cross-Site Request Forgeries | 17/04/08 |
| rsync | "xattr" Integer Overflow Vulnerability | 17/04/08 |
| Debian | Update for rsync | 17/04/08 |
| Gentoo | Update for tomcat | 17/04/08 |
| Gentoo | Update for libpng | 17/04/08 |
| Gentoo | Update for opera | 17/04/08 |
| CUPS | PNG Filter Integer Overflow Vulnerability | 17/04/08 |
| Ubuntu | Update for squid | 17/04/08 |
| xine-lib | Speex Header Processing Vulnerability | 17/04/08 |
| ClamAV | Upack Processing Buffer Overflow Vulnerability | 16/04/08 |
| Debian | Update for gnumeric | 16/04/08 |
| EMC | DiskXtender Multiple Vulnerabilities | 16/04/08 |
| Nortel Networks | Communication Server Multiple Vulnerabilities | 16/04/08 |
| SUSE | Update for flash-player | 16/04/08 |
| OmniPCX | Office Information Disclosure Vulnerability | 16/04/08 |
| Mandriva | Update for rsync | 16/04/08 |
| SUSE | Update for openssh and opera | 16/04/08 |
| CcMail | "this_cookie" Security Bypass Vulnerability | 16/04/08 |
| libpng | Unknown Chunk Processing Uninitialized Memory Access | 16/04/08 |
| 1024 CMS | SQL Injection and File Inclusion | 15/04/08 |
| Coppermine | Photo Gallery "bridge/coppermine.inc.php" SQL Injection | 15/04/08 |
| Debian | Update for vlc | 14/04/08 |
| Drupal | Menu System Security Bypass Vulnerabilities | 14/04/08 |
| Ubuntu | Update for ghostscript | 14/04/08 |
| Debian | Update for libcairo | 14/04/08 |
| Gallery | Script Lite "path" Information Disclosure Vulnerability | 14/04/08 |
| Debian | Update for pdns-recursor | 14/04/08 |
| Tumbleweed | SecureTransport FileTransfer ActiveX Control "TransferFile()" Buffer Overflow | 14/04/08 |
| TIBCO | Rendezvous Multiple Buffer Overflow Vulnerabilities | 14/04/08 |
| KnowledgeQuest | SQL Injection and Security Bypass | 14/04/08 |
| Openfire | Unspecified Denial of Service | 11/04/08 |
| Drupal | Simple Access Module Security Bypass | 11/04/08 |
| Fedora | Update for xine-lib | 11/04/08 |
| Fedora | Update for xine-lib | 11/04/08 |
| Adobe | Flash Player Multiple Vulnerabilities | 11/04/08 |
| Red Hat | update for flash-plugin | 11/04/08 |
| HP | Storage Essentials Software Directory Traversal Vulnerability | 11/04/08 |
| Avaya | SIP Enablement Services Multiple Vulnerabilities | 11/04/08 |
| Fedora | Update for wireshark | 11/04/08 |
| Adobe ColdFusion | CFC Methods Access Security Bypass | 11/04/08 |
| Fedora | Update for cups | 11/04/08 |
| Fedora | Update for comix | 11/04/08 |
| Red Hat | update for squid | 11/04/08 |
| HP OpenView Network Node Manager | ovspmd.exe Buffer Overflow | 10/04/08 |
| Gentoo | Update for pecl-apc | 10/04/08 |
| Debian | Update for lighttpd | 10/04/08 |
| Mole "viewsource.php" | Information Disclosure Vulnerabilities | 10/04/08 |
| Microsoft | VBScript/JScript Script Decoding Buffer Overflow | 10/04/08 |
| Interwoven | WorkSite Web TransferCtrl Class ActiveX Control Double-Free Vulnerability | 10/04/08 |
| Aztech ADSL2/2+ | Shell Command Injection | 10/04/08 |
| Secunia | Wikepage "wiki" Information Disclosure Vulnerability | 10/04/08 |
| Microsoft Project | Unspecified Code Execution Vulnerability | 10/04/08 |
| Microsoft Windows | GDI Image Parsing Buffer Overflows | 10/04/08 |
| activePDF | DocConverter Multiple Parsing Vulnerabilities | 10/04/08 |
| Autonomy Keyview | SDK Multiple Buffer Overflows | 10/04/08 |
| Internet Explorer | Data Stream Handling Vulnerability | 10/04/08 |
| Symantec Mail | Security Attachment Parsing Vulnerabilities | 10/04/08 |
| Lotus | Notes Multiple Keyview Parsing Vulnerabilities | 10/04/08 |
| Symantec | Mail Security for SMTP Attachment Parsing Vulnerabilities | 10/04/08 |
| Microsoft Windows | DNS Client Predictable Transaction ID Vulnerability | 10/04/08 |
| Microsoft | Windows hxvz.dll ActiveX Control Memory Corruption | 09/04/08 |
| Microsoft | Visio Two File Processing Vulnerabilities | 09/04/08 |
| Secunia | SmarterMail Web Server Denial of Service Vulnerability | 09/04/08 |
| Gentoo | Update for unzip | 09/04/08 |
| PHP | Photo Gallery "photo_id" SQL Injection | 09/04/08 |
| SUSE | Updates for Multiple Packages | 09/04/08 |
| Debian | Update for alsaplayer | 09/04/08 |
| Debian | Update for mapserver | 09/04/08 |
| SUSE | Update for cups | 09/04/08 |
| rPath | Update for cups | 09/04/08 |
| rPath | Update for wireshark | 09/04/08 |
| Software | Index Script "cid" SQL Injection Vulnerability | 09/04/08 |
| Comdev | News Publisher "arcmonth" SQL Injection | 08/04/08 |
| Site | Sift Listings "id" SQL Injection | 08/04/08 |
| Links | Directory "cat_id" SQL Injection Vulnerability | 08/04/08 |
| Red Hat | update for thunderbird | 07/04/08 |
| Debian | Update for xpdf | 07/04/08 |
| Orbit | Downloader URL Processing Buffer Overflow Vulnerability | 07/04/08 |
| Red Hat | update for java-1.5.0-ibm | 07/04/08 |
| Cisco | Unified Communications Disaster Recovery Framework Command Execution | 07/04/08 |
| SUSE | Update for MozillaFirefox | 07/04/08 |
| Borland | CaliberRM StarTeam Multicast Service Buffer Overflow | 07/04/08 |
| Novell | Kerberos KDC Multiple Vulnerabilities | 07/04/08 |
| Apple | QuickTime Multiple Vulnerabilities | 07/04/08 |
| Ubuntu | Update for cups | 07/04/08 |
| Mandriva | Update for cups | 07/04/08 |
| SUSE | Update for Sun Java | 07/04/08 |
| Secunia | Writer’s Block CMS "PostID" SQL Injection Vulnerability | 07/04/08 |
| Opera | Multiple Vulnerabilities | 07/04/08 |
| HP | OpenView Network Node Manager Buffer Overflow Vulnerability | 07/04/08 |
| Fedora | Update for centerim | 04/04/08 |
| Slackware | Update for xine-lib | 04/04/08 |
| Fedora | Update for seamonkey | 04/04/08 |
| Gentoo | Update for cups | 04/04/08 |
| IBM | DB2 Content Manager AllowedTrustedLogin Security Issue | 04/04/08 |
| rPath | Update for lighttpd | 04/04/08 |
| Red Hat | update for cups | 04/04/08 |
| Red Hat | update for cups | 04/04/08 |
| lighttpd | OpenSSL Error Queue Denial of Service Vulnerability | 03/04/08 |
| Secunia | EasyNews Multiple Vulnerabilities | 03/04/08 |
| Sympa | Malformed "Content-Type" Header Denial of Service Vulnerability | 03/04/08 |
| Secunia | Sava's GuestBook "action" Local File Inclusion | 03/04/08 |
| GnuPG | Duplicated IDs Memory Corruption | 03/04/08 |
| Debian | Update for xine-lib | 03/04/08 |
| Secunia | EfesTECH Video "catID" SQL Injection Vulnerability | 03/04/08 |
| Macrovision | InstallShield InstallScript One-Click Install ActiveX Control Code Execution | 03/04/08 |
| Secunia | Sava's Link Manager Two Vulnerabilities | 03/04/08 |
| Comix | Arbitrary Shell Command Execution Vulnerability | 02/04/08 |
| WordPress | WP-Download Plugin "dl_id" SQL Injection | 02/04/08 |
| Perlbal | Chunked Uploads Denial of Service and Directory Traversal | 02/04/08 |
| VMware | ESX Server update for libxml2 | 02/04/08 |
| SUSE | Update for Multiple Packages | 02/04/08 |
| Debian | Update for iceweasel | 02/04/08 |
| Secunia | CuteFlow Cross-Site Scripting and SQL Injection | 02/04/08 |
| Slackware | Update for xine-lib | 02/04/08 |
| Slackware | Update for seamonkey | 02/04/08 |
| Slackware | Update for mozilla-firefox | 02/04/08 |
| Fedora | Update for Perlbal | 02/04/08 |
| XnView | Slideshow "FontName" Buffer Overflow Vulnerability | 01/04/08 |