October 2008

The following table includes the Vulnerability Alerts for the month.

Note: These links reference external sites. CCIP cannot accept responsibility for outdated links or the contents of such links.
Reference Description Date
VMware
VMware ESX Server update for libxml2
31/10/08
Gentoo
Gentoo update for libspf2
31/10/08
IBM
IBM Lotus Connections Multiple Vulnerabilities
30/10/08
IBM
IBM Tivoli Storage Manager Client Buffer Overflow Vulnerability
30/10/08
Red Hat
Fedora update for ed
30/10/08
Red Hat
Fedora update for libtirpc
30/10/08
Red Hat
Fedora update for dovecot
30/10/08
Red Hat
Fedora update for drupal
30/10/08
Opera Software
MyBB Multiple Vulnerabilities
30/10/08
Opera Software
Opera Command Execution and Cross-Site Scripting
30/10/08
Debian
Debian update for openoffice.org
30/10/08
OpenOffice.org
KTorrent 2 Web Interface Torrent Upload and PHP Code Injection
29/10/08
OpenOffice.org
OpenOffice WMF and EMF Processing Buffer Overflows
29/10/08
Red Hat
Red Hat update for flash-plugin
29/10/08
Adobe Systems
Adobe PageMaker PMD File Processing Buffer Overflows
29/10/08
Novell
SUSE update for kernel
29/10/08
Novell
Novell eDirectory NCP Unspecified Vulnerability
28/10/08
NetBSD
NetBSD ftpd Long Command Processing Vulnerability
28/10/08
NetBSD
NetBSD ICMPv6 "Packet Too Big" MTU Denial of Service Vulnerability
28/10/08
NetBSD
NetBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Vulnerability
28/10/08
Red Hat
Red Hat update for lynx
28/10/08
Citrix Systems
Citrix Web Interface Improper Session Termination Security Issue
28/10/08
Red Hat
Fedora update for drupal
28/10/08
Debian
Debian update for clamav
28/10/08
HP
Mantis "sort" PHP Code Execution Vulnerability
28/10/08
HP
HP Insight Diagnostics Unspecified File Disclosure Vulnerability
27/10/08
Red Hat
VLC Media Player TY Processing Buffer Overflow Vulnerability
27/10/08
Red Hat
Red Hat update for java-1.5.0-ibm
27/10/08
Red Hat
Red Hat update for java-1.6.0-ibm
27/10/08
Sun Microsystems
Sun Java System LDAP JDK Information Disclosure Vulnerability
24/10/08
IBM
IBM WebSphere Host On-Demand Authentication Bypass
24/10/08
Red Hat
Fedora update for git
24/10/08
Red Hat
Fedora update for gfs2-utils and rgmanager
24/10/08
Red Hat
Fedora update for cman
24/10/08
Debian
Debian update for libspf2
24/10/08
Red Hat
Fedora update for kernel
24/10/08
SuSE
SUSE Update for Multiple Packages
24/10/08
Microsoft
Microsoft Windows Server Service Vulnerability
24/10/08
Opera Software
LoudBlog "colpick" SQL Injection Vulnerability
23/10/08
Opera Software
Opera Multiple Vulnerabilities
23/10/08
Cisco
Cisco ASA and PIX IPv6 Denial of Service
23/10/08
Cisco
freeSSHd SFTP Directory Buffer Overflow Vulnerability
23/10/08
Cisco
freeSSHd Two Denial of Service Vulnerabilities
23/10/08
Cisco
Cisco ASA and PIX VPN Authentication Bypass
23/10/08
Cisco
Cisco ASA Crypto Accelerator Memory Leak
23/10/08
Debian
Debian update for dbus
23/10/08
Sun Microsystems
Sun Integrated Lights-Out Manager Web Interface Unauthorized Access
23/10/08
HP
HP OpenView Products Shared Trace Service Denial of Service
23/10/08
Trend Micro
Trend Micro OfficeScan CGI Parsing Buffer Overflow
23/10/08
Red Hat
imlib2 PNM and XPM Buffer Overflow Vulnerabilities
23/10/08
Red Hat
Fedora update for php-Smarty
23/10/08
Debian
Debian update for qemu
22/10/08
GNU Project
GNU Enscript "setfilename" Special Escape Buffer Overflow
22/10/08
Novell
SUSE update for kernel
22/10/08
IBM
IBM DB2 Multiple Vulnerabilities
22/10/08
Red Hat
Red Hat update for ed
22/10/08
Red Hat
Red Hat update for ruby
22/10/08
Red Hat
Red Hat update for ruby
22/10/08
Red Hat
Red Hat update for ruby
22/10/08
Red Hat
Fedora update for jhead
22/10/08
Altiris
Symantec Altiris Deployment Solution Privilege Escalation
21/10/08
SuSE
SUSE update for kernel
21/10/08
Opera Software
Opera Multiple Vulnerabilities
21/10/08
F-Secure
F-Secure Products RPM Parsing Integer Overflow Vulnerability
21/10/08
Microsoft
Microsoft Outlook Web Access Redirection Weaknesses
21/10/08
Debian
Debian update for cupsys
21/10/08
Red Hat
Fedora update for mantis
21/10/08
IBM
Wireshark Multiple Denial of Service Vulnerabilities
21/10/08
IBM
IBM WebSphere Application Server Multiple Vulnerabilities
21/10/08
IBM
IBM HTTP Server mod_proxy Interim Responses Denial of Service
21/10/08
Debian
cpCommerce Multiple Cross-Site Scripting Vulnerabilities
21/10/08
Debian
yappa-ng "album" Local File Inclusion Vulnerability
21/10/08
Debian
Debian update for linux-2.6
21/10/08
HP
e107 "ue[]" SQL Injection Vulnerability
21/10/08
HP
Fast Click SQL Lite "CFG[CDIR]" File Inclusion Vulnerability
03/10/08
HP
HP SiteScope SNMP Trap Script Insertion Vulnerability
03/10/08
Red Hat
VLC Media Player TY Processing Buffer Overflow Vulnerability
03/10/08
SuSE
SUSE Update for Multiple Packages
03/10/08
Sun Microsystems
Nuked-Klan "Referer" SQL Injection Vulnerability
03/10/08
Sun Microsystems
PhpWebGallery PHP Code Execution and SQL Injection
03/10/08
Sun Microsystems
WEB//NEWS "catid" SQL Injection Vulnerability
03/10/08
Sun Microsystems
Sun Solaris libpng tRNS Chunk Denial of Service
03/10/08
Avaya
Avaya Products ipsec-tools Denial of Service
03/10/08
Avaya
Avaya Products libxml2 Denial of Service
03/10/08
Avaya
Avaya Products bzip2 Denial of Service
03/10/08
Apache Software Foundation
Apache mod_proxy_ftp Wildcard Characters Cross-Site Scripting
03/10/08
HP
HP Systems Insight Manager Unspecified Unauthorised Access
16/10/08
Microsoft
myEvent Multiple Vulnerabilities
16/10/08
Microsoft
Microsoft Windows IIS IPP Service Integer Overflow Vulnerability
16/10/08
HP
HP OpenView Network Node Manager Multiple Vulnerabilities
16/10/08
Adobe Systems
Adobe Flash Player "Clickjacking" Security Bypass Vulnerability
16/10/08
Adobe Systems
Adobe Flash Player Multiple Security Issues
16/10/08
Adobe Systems
Adobe Flash CS3 SWF Processing Buffer Overflow Vulnerabilities
16/10/08
Red Hat
Fedora update for rubygems / rubygem packages
16/10/08
Red Hat
Fedora update for cups
16/10/08
Red Hat
Fedora update for neon
16/10/08
Red Hat
Fedora update for drupal
16/10/08
Red Hat
Fedora update for bluez-utils and bluez-libs
16/10/08
Microsoft
Microsoft Products GDI+ Multiple Vulnerabilities
16/10/08
Microsoft
Microsoft Access Snapshot Viewer ActiveX Control Vulnerability
16/10/08
Microsoft
Microsoft Office Web Components Two Vulnerabilities
15/10/08
Oracle
Oracle Products Multiple Vulnerabilities
15/10/08
BEA WebLogic Server Multiple Vulnerabilities
15/10/08
Oracle
BEA WebLogic Server Multiple Authorizers Security Bypass
15/10/08
BEA
BEA WebLogic Workshop NetUI Pageflow Information Disclosure Vulnerability
15/10/08
BEA WebLogic Workshop NetUI Tags Information Disclosure Vulnerability
15/10/08
Microsoft
Microsoft Access Snapshot Viewer ActiveX Control Vulnerability
15/10/08
Sun Microsystems
Sun Solaris "sadmind" Buffer Overflow Vulnerability
15/10/08
Debian
Debian update for libxml2
15/10/08
Microsoft
VLC Media Player XSPF Processing Memory Corruption Vulnerability
15/10/08
Microsoft
Microsoft Windows Privilege Escalation Vulnerabilities
15/10/08
Microsoft
Microsoft Windows IIS IPP Service Integer Overflow Vulnerability
15/10/08
Microsoft
Microsoft Windows Active Directory Buffer Overflow Vulnerability
14/10/08
Microsoft
Microsoft Windows SMB Buffer Underflow Vulnerability
14/10/08
Microsoft
Microsoft Windows Virtual Address Descriptor Privilege Escalation
14/10/08
Microsoft
Microsoft Windows 2000 Message Queuing Service Vulnerability
14/10/08
Microsoft
Microsoft Windows Ancillary Function Driver Privilege Escalation
14/10/08
Microsoft
Microsoft Internet Explorer Multiple Vulnerabilities
14/10/08
Microsoft
Internet Explorer 6 Window "location" Handling Vulnerability
14/10/08
Microsoft
Microsoft Host Integration Server SNA RPC Vulnerability
14/10/08
Microsoft
Microsoft Excel Multiple Vulnerabilities
14/10/08
Microsoft
Microsoft Office CDO URI Handling Cross-Site Scripting
14/10/08
Sun Microsystems
Phorum BBcode Nested "img" Tags Script Insertion
14/10/08
Sun Microsystems
Sun Java System Web Proxy Server Two Vulnerabilities
14/10/08
Cisco
RaidenFTPD Directory Name Buffer Overflow Vulnerability
14/10/08
Cisco
Zomplog Multiple Vulnerabilities
14/10/08
Cisco
Linksys WAP4400N Denial of Service and SNMPv3 Vulnerability
14/10/08
Mozilla Organization
Firefox .url Shortcut File Information Disclosure
14/10/08
Avaya
Avaya AES / MX Apache Tomcat Multiple Vulnerabilities
14/10/08
Avaya
Avaya Products vsftpd PAM Memory Leak Vulnerability
14/10/08
Avaya
Avaya Products libxml2 XML Entity Name Buffer Overflow Vulnerability
14/10/08
Debian
Debian update for linux-2.6
14/10/08
Avaya
Avaya Products Red Hat Tampered OpenSSH Packages
14/10/08
Trend Micro
WinFTP "PASV" Denial of Service Vulnerability
14/10/08
Trend Micro
Trend Micro OfficeScan Directory Traversal Vulnerability
14/10/08
Debian
JasPer Multiple Vulnerabilities
14/10/08
Debian
OpenCA Cross-Site Request Forgery Vulnerability
14/10/08
Debian
GForge Multiple SQL Injection Vulnerabilities
14/10/08
Debian
Debian update for mon
14/10/08
Debian
Debian update for ruby1.9
13/10/08
Debian
Debian update for ruby1.8
13/10/08
Debian
Debian update for squid
13/10/08
Apache Software Foundation
Apache Tomcat "RemoteFilterValve" Security Bypass Security Issue
13/10/08
Debian
Debian update for openldap
13/10/08
Sun Microsystems
Sun Java System Web Proxy Server Two Vulnerabilities
13/10/08
Red Hat
Red Hat update for cups
13/10/08
Apple
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
13/10/08
Red Hat
Fedora update for condor
10/10/08
HP
HP OpenView Network Node Manager Multiple Vulnerabilities
10/10/08
HP
HP OpenView Network Node Manager Denial of Service and Code Execution
10/10/08
Red Hat
CUPS Multiple Vulnerabilities
10/10/08
Red Hat
Fedora update for postfix
10/10/08
Red Hat
Fedora update for ruby
10/10/08
Red Hat
Fedora update for dbus
10/10/08
Gentoo
Gentoo Portage Insecure Python Module Search Path Security Issue
10/10/08
Computer Associates (CA)
CA ARCserve Backup Multiple Vulnerabilities
10/10/08
HP
HP System Management Homepage Unspecified Cross Site Scripting Vulnerability
10/10/08
Avaya
ModSecurity "SecCacheTransformations" Vulnerability
10/10/08
Avaya
Avaya AES LibTIFF LZW Decoder Buffer Underflow Vulnerability
10/10/08
Avaya
Avaya Products Wireshark Multiple Denial of Service Vulnerabilities
10/10/08
Avaya
Avaya IP Softphone H.323 Denial of Service Vulnerability
10/10/08
Avaya
Avaya one-X Desktop Edition SIP Denial of Service Vulnerability
10/10/08
Avaya
Avaya Communication Manager Information Disclosure Vulnerability
10/10/08
Avaya
Avaya Communication Manager Arbitrary Command Execution Vulnerabilities
10/10/08
Nortel Networks
Nortel Multimedia Communication Server 5100 Multiple Vulnerabilities
09/10/08
Cisco
Cisco Unity Multiple Vulnerabilities
09/10/08
Cisco
Cisco Unity Script Insertion Vulnerability
09/10/08
SuSE
AdMan "campaignId" SQL Injection Vulnerability
09/10/08
SuSE
SUSE update for MozillaFirefox, MozillaThunderbird, seamonkey, and mozilla
09/10/08
Debian
Debian update for iceweasel
09/10/08
Microsoft
OpenX "bannerid" SQL Injection Vulnerability
09/10/08
Microsoft
TorrentTrader Classic "completed-advance.php" SQL Injection
08/10/08
Microsoft
Microsoft Windows "IopfCompleteRequest" Integer Overflow Vulnerability
08/10/08
Opera Software
FreeRADIUS "dialup_admin" Insecure Temporary Files
08/10/08
Opera Software
Opera Multiple Vulnerabilities
08/10/08
Red Hat
Red Hat update for condor
08/10/08
Adobe Systems
Adobe Flash Player "Clickjacking" Security Bypass Vulnerability
08/10/08
Red Hat
Red Hat update for kernel
08/10/08
Gentoo
Gentoo update for wordnet
08/10/08
Debian
Debian update for php5
08/10/08
Debian
Debian update for php5
08/10/08
Parallels
H-Sphere webshell4 Cross-Site Scripting and Request Forgery
08/10/08
Debian
Debian update for squid
08/10/08
Novell
SUSE update for dovecot and graphicsmagic
08/10/08
SuSE
SUSE update for openssh
07/10/08
Novell
SUSE update for mercurial
07/10/08
Red Hat
Fedora update for mediawiki
07/10/08
Juniper Networks
Juniper Networks Neighbor Discovery Protocol Neighbor Solicitation Vulnerability
07/10/08
SuSE
SUSE update for MozillaFirefox
07/10/08
IBM
IBM Lotus Quickr Security Issues and Denial of Service
07/10/08
HP
HP-UX NFS/ONCplus Denial of Service Vulnerability
07/10/08
Debian
D-Bus "_dbus_validate_signature_with_reason()" Denial of Service
07/10/08
Debian
Debian update for lighttpd
07/10/08
Microsoft
Microsoft Windows Vista Page Fault Handling Denial of Service
07/10/08
Microsoft
OpenX "bannerid" SQL Injection Vulnerability
07/10/08
VMware
VMware VirtualCenter Multiple Vulnerabilities
07/10/08
VMware
VMware ESX / ESXi "JMP" Privilege Escalation Vulnerability
07/10/08
VMware
VMware ESX Server Sun Java JDK / JRE Multiple Vulnerabilities
07/10/08
Red Hat
Dovecot ACL Plugin Security Bypass Security Issues
07/10/08
Red Hat
Fastpublish CMS Multiple Vulnerabilities
06/10/08
Red Hat
Fedora update for pam_krb5
06/10/08
Debian
Debian update for feta
06/10/08
Red Hat
Fedora update for libxml2
06/10/08
Debian
Debian update for mplayer
06/10/08
OpenBSD
phpScheduleIt PHP "eval()" Injection Vulnerability
06/10/08
OpenBSD
OpenBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Vulnerability
06/10/08
Novell
MediaWiki "useskin" Cross-Site Scripting Vulnerability
06/10/08
Novell
Novell eDirectory Multiple Vulnerabilities
06/10/08
Apple
Apple TV Multiple Vulnerabilities
03/10/08
Red Hat
XAMPP adodb.php Cross-Site Scripting Vulnerabilities
03/10/08
Red Hat
Red Hat update for pam_krb5
03/10/08
Avaya
Libxml2 Predefined Entities Denial of Service Vulnerability
03/10/08
Avaya
Avaya CMS Solaris Editors Tag File Handling Privilege Escalation
03/10/08
Avaya
Avaya CMS Solaris ACL for UFS File Systems Local Denial of Service
03/10/08
Blue Coat Systems
mIRC "PRIVMSG" Processing Buffer Overflow Vulnerability
03/10/08
Blue Coat Systems
Blue Coat SGOS ICAP Patience Page Cross-Site Scripting Vulnerability
03/10/08
Red Hat
Red Hat update for tomcat
03/10/08
Microsoft
Microsoft Windows Mobile Bluetooth Device Name Denial of Service
03/10/08
MySQL
WikyBlog Multiple Cross-Site Scripting Vulnerabilities
03/10/08
MySQL
MySQL HTML Output Script Insertion Security Issue
03/10/08
Juniper Networks
Juniper NetScreen ScreenOS Script Insertion Vulnerability
03/10/08
FreeBSD Project
FreeBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Vulnerability
03/10/08
Red Hat
Red Hat update for xen
03/10/08
SuSE
SUSE update for kernel
03/10/08
Apache Software Foundation
Xerces-C++ "maxOccurs" Denial of Service Vulnerability
03/10/08
Trend Micro
Trend Micro OfficeScan Multiple Vulnerabilities
03/10/08
Trend Micro
Trend Micro OfficeScan Directory Traversal Vulnerability
03/10/08
Red Hat
Red Hat update for thunderbird
03/10/08
Novell
SUSE update for kernel
03/10/08
Red Hat
Red Hat update for wireshark
03/10/08
SuSE
SUSE update for kernel
03/10/08
Mozilla Organization
PHP iCalendar Security Bypass Vulnerability
03/10/08
Mozilla Organization
EC-CUBE Multiple Vulnerabilities
03/10/08
Mozilla Organization
Mozilla Firefox "keypress" User Interface Event Dispatching Weakness
03/10/08
Red Hat
Fedora update for emacspeak
03/10/08
Sun Microsystems
Flip4Mac Importer Unspecified Vulnerabilities
03/10/08
Sun Microsystems
Sun Solaris X Server Extensions Multiple Vulnerabilities
03/10/08
Citrix Systems
Citrix Presentation Server Privilege Escalation Vulnerability
03/10/08