Centre for Critical Infrastructure Protection

Home | Vulnerabilities | Vulnerability Alert Archives | April 2008

April 2008

The following table includes the Vulnerability Alerts for the month.

Note: These links reference external sites. CCIP can not accept responsibility for outdated links or such links contents.

Reference	Description	Date
Imager	Image-Based Fill Buffer Overflow Vulnerability	30/04/08
Slackware	Update for libpng	30/04/08
Sun	StarOffice/StarSuite Multiple Vulnerabilities	30/04/08
SUSE	Update for Multiple Packages	30/04/08
Gentoo	Update for comix	30/04/08
SUSE	Update for IBM Java	30/04/08
KDE	KHTML PNG Processing Buffer Overflow Vulnerability	30/04/08
E-Post	Mail Server POP3 Password Disclosure Vulnerability	30/04/08
Secunia	WordPress Download Monitor Plugin "id" SQL Injection Vulnerability	30/04/08
Sun	Java System Directory Server "bind-dn" Security Bypass	30/04/08
Red Hat	update for java-1.5.0-bea	30/04/08
Red Hat	update for java-1.4.2-bea	30/04/08
WordPress	PHP Code Execution and Cross-Site Scripting	30/04/08
ZoneMinder	Unspecified Code Execution Vulnerabilities	29/04/08
SUSE	Update for clamav	28/04/08
Debian	Update for xulrunner	28/04/08
HP	Oracle for OpenView Multiple Vulnerabilities	28/04/08
Gentoo	Update for cups	28/04/08
SUSE	Update for OpenOffice_org	28/04/08
Red Hat	update for openoffice.org	28/04/08
Red Hat	update for openoffice.org	28/04/08
Gentoo	Update for speex	28/04/08
Debian	Update for clamav	28/04/08
Sweep Speex	Header Processing Vulnerability	28/04/08
Trillian	Display Name Processing Memory Corruption	28/04/08
WordPress	Spreadsheet Plugin "ss_id" SQL Injection Vulnerability	28/04/08
RedDot	CMS "LngId" SQL Injection Vulnerability	28/04/08
Secunia	WordPress "cat" Directory Traversal Vulnerability	28/04/08
Gentoo	Update for jrockit-jdk-bin	28/04/08
HP Software	Update HPeDiag ActiveX Control Insecure Methods andBuffer Overflow	28/04/08
Debian	Update for perl	28/04/08
Red Hat	update for kdegraphics	28/04/08
Red Hat	update for xpdf	28/04/08
Debian	Update for xpdf	28/04/08
Gentoo	Update for silc	28/04/08
Slackware	Update for mozilla-firefox	28/04/08
Gentoo	Update for pdns-recursor	28/04/08
Gentoo	Update for netscape-flash	28/04/08
Debian	Update for mplayer	28/04/08
ICQ	Personal Status Processing Buffer Overflow	28/04/08
DBMail	Empty LDAP Passwords Authentication Bypass	28/04/08
Fedora	Update for fedora-ds-admin	28/04/08
Blender	"imb_loadhdr()" Buffer Overflow Vulnerability	28/04/08
Gentoo	Update for dbmail	28/04/08
Slackware	Update for xine-lib	28/04/08
SIPp	"get_remote_video_port_media()" Buffer Overflow Vulnerability	28/04/08
Adobe Products	BMP Handling Buffer Overflow Vulnerability	28/04/08
Fedora	Update for WebKit	28/04/08
TorrentFlux	Cross-Site Request Forgery and PHP Code Execution	28/04/08
Fedora	Update for firefox	28/04/08
Fedora	Update for seamonkey	28/04/08
Debian	Update for roundup	28/04/08
Fedora	Update for openoffice.org	28/04/08
Fedora	Update for mt-daapd	28/04/08
Serendipity	Top Referrers Plugin Script Insertion Vulnerability	28/04/08
Foxit	Reader PDF XObject Processing Memory Corruption	28/04/08
Ubuntu	Update for gnumeric	28/04/08
Ubuntu	Update for firefox	28/04/08
Gentoo	Update for openfire	28/04/08
Debian	Update for iceweasel	28/04/08
Gentoo	Update for vlc	28/04/08
Ubuntu	Update for KOffice	21/04/08
Ubuntu	Update for poppler	21/04/08
RedHat	update for poppler	21/04/08
Poppler	Embedded Fonts Processing Vulnerability	21/04/08
Xpdf	Embedded Fonts Processing Vulnerability	21/04/08
VLC	Speex Header Processing Vulnerability	21/04/08
RedHat	update for ImageMagick	21/04/08
RedHat	update for ImageMagick	21/04/08
Exponent	CMS User Registration Script Insertion	21/04/08
Cisco	Network Admission Control Information Disclosure Security Issue	21/04/08
CA	Products DSM gui_cm_ctrls ActiveX Control Code Execution	21/04/08
OpenOffice	Multiple Vulnerabilities	21/04/08
HP	OpenView Network Node Manager Multiple Vulnerabilities	21/04/08
Safari	Multiple Vulnerabilities	21/04/08
Fedora	Update for libfishsound	21/04/08
Fedora	Update for nagios / nagios-plugins	21/04/08
BEA	JRockit Multiple Vulnerabilities	21/04/08
Secunia	Joomla Jom Comment Component Unspecified SQL Injection	21/04/08
RedHat	update for seamonkey	21/04/08
Mozilla	Firefox Javascript Garbage Collector Vulnerability	21/04/08
RedHat	update for firefox	21/04/08
Mozilla	SeaMonkey Javascript Garbage Collector Vulnerability	21/04/08
Fedora	Update for rsync	21/04/08
xine-lib	NSF Demuxer Buffer Overflow Vulnerability	21/04/08
Fedora	Update for otrs	21/04/08
RedHat	update for speex	21/04/08
Fedora	Update for speex	21/04/08
Kolab	Server ClamAV Multiple Vulnerabilities	18/04/08
Debian	Update for openoffice.org	18/04/08
Carbon	Communities Cross-Site Scripting and SQL Injection	18/04/08
Gentoo	Update for rsync	18/04/08
VMware	ESX Server Multiple Security Updates	18/04/08
Red Hat	update for redhat-ds-admin	18/04/08
DivX	Player Subtitle Parsing Buffer Overflow Vulnerability	17/04/08
Oracle	Products Multiple Vulnerabilities	17/04/08
Gentoo	Update for lighttpd	17/04/08
Ubuntu	Update for rsync	17/04/08
Secunia	Parallels Power Panel Cross-Site Request Forgeries	17/04/08
rsync	"xattr" Integer Overflow Vulnerability	17/04/08
Debian	Update for rsync	17/04/08
Gentoo	Update for tomcat	17/04/08
Gentoo	Update for libpng	17/04/08
Gentoo	Update for opera	17/04/08
CUPS	PNG Filter Integer Overflow Vulnerability	17/04/08
Ubuntu	Update for squid	17/04/08
xine-lib	Speex Header Processing Vulnerability	17/04/08
ClamAV	Upack Processing Buffer Overflow Vulnerability	16/04/08
Debian	Update for gnumeric	16/04/08
EMC	DiskXtender Multiple Vulnerabilities	16/04/08
Nortel Networks	Communication Server Multiple Vulnerabilities	16/04/08
SUSE	Update for flash-player	16/04/08
OmniPCX	Office Information Disclosure Vulnerability	16/04/08
Mandriva	Update for rsync	16/04/08
SUSE	Update for openssh and opera	16/04/08
CcMail	"this_cookie" Security Bypass Vulnerability	16/04/08
libpng	Unknown Chunk Processing Uninitialized Memory Access	16/04/08
1024 CMS	SQL Injection and File Inclusion	15/04/08
Coppermine	Photo Gallery "bridge/coppermine.inc.php" SQL Injection	15/04/08
Debian	Update for vlc	14/04/08
Drupal	Menu System Security Bypass Vulnerabilities	14/04/08
Ubuntu	Update for ghostscript	14/04/08
Debian	Update for libcairo	14/04/08
Gallery	Script Lite "path" Information Disclosure Vulnerability	14/04/08
Debian	Update for pdns-recursor	14/04/08
Tumbleweed	SecureTransport FileTransfer ActiveX Control "TransferFile()" Buffer Overflow	14/04/08
TIBCO	Rendezvous Multiple Buffer Overflow Vulnerabilities	14/04/08
KnowledgeQuest	SQL Injection and Security Bypass	14/04/08
Openfire	Unspecified Denial of Service	11/04/08
Drupal	Simple Access Module Security Bypass	11/04/08
Fedora	Update for xine-lib	11/04/08
Fedora	Update for xine-lib	11/04/08
Adobe	Flash Player Multiple Vulnerabilities	11/04/08
Red Hat	update for flash-plugin	11/04/08
HP	Storage Essentials Software Directory Traversal Vulnerability	11/04/08
Avaya	SIP Enablement Services Multiple Vulnerabilities	11/04/08
Fedora	Update for wireshark	11/04/08
Adobe ColdFusion	CFC Methods Access Security Bypass	11/04/08
Fedora	Update for cups	11/04/08
Fedora	Update for comix	11/04/08
Red Hat	update for squid	11/04/08
HP OpenView Network Node Manager	ovspmd.exe Buffer Overflow	10/04/08
Gentoo	Update for pecl-apc	10/04/08
Debian	Update for lighttpd	10/04/08
Mole "viewsource.php"	Information Disclosure Vulnerabilities	10/04/08
Microsoft	VBScript/JScript Script Decoding Buffer Overflow	10/04/08
Interwoven	WorkSite Web TransferCtrl Class ActiveX ControlDouble-Free Vulnerability	10/04/08
Aztech ADSL2/2+	Shell Command Injection	10/04/08
Secunia	Wikepage "wiki" Information Disclosure Vulnerability	10/04/08
Microsoft Project	Unspecified Code Execution Vulnerability	10/04/08
Microsoft Windows	GDI Image Parsing Buffer Overflows	10/04/08
activePDF	DocConverter Multiple Parsing Vulnerabilities	10/04/08
Autonomy Keyview	SDK Multiple Buffer Overflows	10/04/08
Internet Explorer	Data Stream Handling Vulnerability	10/04/08
Symantec Mail	Security Attachment Parsing Vulnerabilities	10/04/08
Lotus	Notes Multiple Keyview Parsing Vulnerabilities	10/04/08
Symantec	Mail Security for SMTP Attachment Parsing Vulnerabilities	10/04/08
Microsoft Windows	DNS Client Predictable Transaction ID Vulnerability	10/04/08
Microsoft	Windows hxvz.dll ActiveX Control Memory Corruption	09/04/08
Microsoft	Visio Two File Processing Vulnerabilities	09/04/08
Secunia	SmarterMail Web Server Denial of Service Vulnerability	09/04/08
Gentoo	Update for unzip	09/04/08
PHP	Photo Gallery "photo_id" SQL Injection	09/04/08
SUSE	Updates for Multiple Packages	09/04/08
Debian	Update for alsaplayer	09/04/08
Debian	Update for mapserver	09/04/08
SUSE	Update for cups	09/04/08
rPath	Update for cups	09/04/08
rPath	Update for wireshark	09/04/08
Software	Index Script "cid" SQL Injection Vulnerability	09/04/08
Comdev	News Publisher "arcmonth" SQL Injection	08/04/08
Site	Sift Listings "id" SQL Injection	08/04/08
Links	Directory "cat_id" SQL Injection Vulnerability	08/04/08
Red Hat	update for thunderbird	07/04/08
Debian	Update for xpdf	07/04/08
Orbit	Downloader URL Processing Buffer Overflow Vulnerability	07/04/08
Red Hat	update for java-1.5.0-ibm	07/04/08
Cisco	Unified Communications Disaster Recovery Framework Command Execution	07/04/08
SUSE	Update for MozillaFirefox	07/04/08
Borland	CaliberRM StarTeam Multicast Service Buffer Overflow	07/04/08
Novell	Kerberos KDC Multiple Vulnerabilities	07/04/08
Apple	QuickTime Multiple Vulnerabilities	07/04/08
Ubuntu	Update for cups	07/04/08
Mandriva	Update for cups	07/04/08
SUSE	Update for Sun Java	07/04/08
Secunia	Writer’s Block CMS "PostID" SQL Injection Vulnerability	07/04/08
Opera	Multiple Vulnerabilities	07/04/08
HP	OpenView Network Node Manager Buffer Overflow Vulnerability	07/04/08
Fedora	Update for centerim	04/04/08
Slackware	Update for xine-lib	04/04/08
Fedora	Update for seamonkey	04/04/08
Gentoo	Update for cups	04/04/08
IBM	DB2 Content Manager AllowedTrustedLogin Security Issue	04/04/08
rPath	Update for lighttpd	04/04/08
Red Hat	update for cups	04/04/08
Red Hat	update for cups	04/04/08
lighttpd	OpenSSL Error Queue Denial of Service Vulnerability	03/04/08
Secunia	EasyNews Multiple Vulnerabilities	03/04/08
Sympa	Malformed "Content-Type" Header Denial of Service Vulnerability	03/04/08
Secunia	Sava's GuestBook "action" Local File Inclusion	03/04/08
GnuPG	Duplicated IDs Memory Corruption	03/04/08
Debian	Update for xine-lib	03/04/08
Secunia	EfesTECH Video "catID" SQL Injection Vulnerability	03/04/08
Macrovision	InstallShield InstallScript One-Click Install ActiveXControl Code Execution	03/04/08
Secunia	Sava's Link Manager Two Vulnerabilities	03/04/08
Comix	Arbitrary Shell Command Execution Vulnerability	02/04/08
WordPress	WP-Download Plugin "dl_id" SQL Injection	02/04/08
Perlbal	Chunked Uploads Denial of Service and Directory Traversal	02/04/08
VMware	ESX Server update for libxml2	02/04/08
SUSE	Update for Multiple Packages	02/04/08
Debian	Update for iceweasel	02/04/08
Secunia	CuteFlow Cross-Site Scripting and SQL Injection	02/04/08
Slackware	Update for xine-lib	02/04/08
Slackware	Update for seamonkey	02/04/08
Slackware	Update for mozilla-firefox	02/04/08
Fedora	Update for Perlbal	02/04/08
XnView	Slideshow "FontName" Buffer Overflow Vulnerability	01/04/08

Centre for Critical Infrastructure Protection (CCIP)

Centre for Critical Infrastructure Protection

April 2008