Secunia Security Advisory - Red Hat has issued an update for vixie-cron. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
77bdb1f5c20cc84df9073cf9da9e159a4192434e9be95679b3cec69e9a6b6700
Secunia Security Advisory - SUSE has issued an update for horde3-dimp. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.
72fd9f71a0d50050454fd26cc2f53d5e3241e2ecb76902f4fd2aab5079a99e5a
Secunia Security Advisory - Red Hat has issued an update for xorg-x11-server. This fixes a weakness, which can be exploited by malicious, local users to disclose system and sensitive information.
ebe595c3269f2ab72642ce341926dc7679397e48616e6b95c914c0763d237e29
Secunia Security Advisory - Ubuntu has issued an update for libvorbis. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
aad0395e3737c088a888b072b8af84cbadeecb81482fce6e2a57f6572b1e21d4
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographic algorithms.
8ab2371ba0c70cd010f0736839a0737dec95b197325b98505c1c69dd55e6964f
LiveHelpNow Chat suffers from a cross site scripting vulnerability.
c7da3d8a255a228bb5781872e2a24647b4693cab9c65d38e7ff8f7577d6f656e
ForkCMS version 3.2.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
f2cfea65c69290c2400796628d74f7f284984e06498860b68fdbae6498326dde
WordPress SB Uploader suffers from a shell upload vulnerability.
09540ead48d9b07bb24b81a82dcf0e7504f9c95e04a027b3e35a157f61d8b56d
Oxwall version 1.1.1 suffers from a cross site scripting vulnerability.
76126454b1f8af8d6ded66a2ae1b6dc820df8b16078413f29dbc4fa49814a965
Mercurycom MR804 Router version 3.8.1 Build 101220 Rel.53006nB suffers from a denial of service vulnerability when fed multiple HTTP headers.
bcb466aefafb323238fa7776d12c39fca5da5fac0996900812c40f57e49cb5ef
SocialCMS suffers from cross site scripting and remote SQL injection vulnerabilities.
bc33218ae39f4007e8dc2ab90a274b5c00ac5ecdf7b09d8989f0a386cbd278bb
CMS Wizard suffers from a cross site scripting vulnerability.
d5bf91300b372e2467fae5ee7025e46bef42f879c5ab0cf4afc9e514b56d62ef
The Cisco Linksys WAG54GS ADSL router suffers from a cross site request forgery vulnerability.
bfb35b1a670f2df0c8e171cb6cac8009146ebfef18fbcd82c5a7420cf409e60f
P-Chat version 0.9 suffers from a cross site scripting vulnerability.
e2f7ec196b46b488f6a7f3fb0e8fa423c504ca6ef2d19bf25cc64f1c992e5884
DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka "Fake DNS") is a tool used for application network traffic analysis among other uses. For example, a DNS proxy can be used to fake requests for "badguy.com" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.
855bcceb07688d98414efd3e963cb6ddd7ed293ef28ec31ac1b5a96d5409d7a9
Red Hat Security Advisory 2012-0324-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.
5523df1edf9b9bf00698149c5299eca8f8b5e0c4b4ab304f7d57cc4905cc9491
Red Hat Security Advisory 2012-0323-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.
4e6fc0a992e66dc0e093b5bbb0e471ca71ba9957c66f52c0991686dc70659ccd
Red Hat Security Advisory 2012-0322-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions. It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
a47b8edfd1d4bed1bde89335a2a2494f395ff12d9652b721790b470340985519
Red Hat Security Advisory 2012-0321-01 - Concurrent Version System is a version control system that can record the history of your files. A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client. All users of cvs are advised to upgrade to these updated packages, which contain a patch to correct this issue.
286bd54779b5c16c26d69ad0f13809a6a3ffda1eb265fbfeaf74bff12f263554
Gentoo Linux Security Advisory 201202-2 - Multiple vulnerabilities were found in Quagga, the worst of which leads to remote execution of arbitrary code. Versions less than 0.99.20 are affected.
b8876c9ae50f95f261a5d9e36d175f49669c64dc3f0cceabc82a13bd6ce2da34