Debian Linux Security Advisory 2512-1 - Marcus Meissner discovered that the web server included in Mono performed insufficient sanitizing of requests, resulting in cross-site scripting.
dd9f44430c3792f55cfd3b79094cd29f9db03840ccee1c6521b22f3081775a29
Debian Linux Security Advisory 2511-1 - Several security vulnerabilities have been found in Puppet, a centralized configuration management.
e25085e2d398a35b784003943d6504c9cd06efb0e6a0fb325d9e06e7bbd9a937
Red Hat Security Advisory 2012-1072-01 - JBoss Cache is the clustering backbone for data distribution in JBoss Enterprise Web Platform. It provides the backing implementation for web session replication, stateful session bean replication and entity caching. It was found that NonManagedConnectionFactory would log the username and password in plain text when an exception was thrown. This could lead to the exposure of authentication credentials if local users had permissions to read the log file. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform's "jboss-as-web/server/production/lib/jbosscache-core.jar" file.
93bea0be82c69ad3873bede014261e6a38de6d2554a91c52656507e218e00584
Secunia Security Advisory - A weakness and multiple vulnerabilities have been reported in RSA Authentication Manager, where one has an unknown impact and others can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.
6871bb443e248f143250863d34a3fd0cc710b9b637e301e68424b82f1145adb8
Secunia Security Advisory - Multiple vulnerabilities have been reported in libexif, which can be exploited by malicious people to disclose certain sensitive information, cause a DoS (Denial of Service), and compromise an application using the library.
6b2c585576127f1db10d1047e74dd85a38e763764dc85ee0e7a8d3e2767e02a1
Secunia Security Advisory - Debian has issued an update for mono. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
14064543ef2fdbdf774a8393a8b544ee163fa52392342819ee9e4dbf0e6ee0b2
Secunia Security Advisory - A weakness and some vulnerabilities have been reported in DotNetNuke, which can be exploited by malicious users to disclose potentially sensitive information and conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.
3f71f385618b83d19dabec7f09744d3e1f53d5b05c8b534f77ce5b57c923b164
Secunia Security Advisory - Secunia Research has discovered a vulnerability in DokuWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.
47a76f37dddcb906d549b86ea166e660e939cb8fc5c91cf36d9e84456224bb63
Secunia Security Advisory - Debian has issued an update for puppet. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain sensitive information, by malicious users to disclose and manipulate certain data, and by malicious people to bypass certain security restrictions.
8d657c968e3e7024957213769e736137480c67e90b995aacce521533032e065e
Ubuntu Security Notice 1506-1 - It was discovered that Puppet incorrectly handled certain HTTP GET requests. An attacker could use this flaw with a valid client certificate to retrieve arbitrary files from the Puppet master. It was discovered that Puppet incorrectly handled Delete requests. If a Puppet master were reconfigured to allow the "Delete" method, an attacker on an authenticated host could use this flaw to delete arbitrary files from the Puppet server, leading to a denial of service. Various other issues were also addressed.
2db822b8deddc568488cbb2592bc0d946bcd94f89af0b800dc6692643cf7a671
phpBB appears to suffer from a remote shell upload vulnerability in uploadpic.php.
05ffa5740e6c7d20832cedab4c4171f8e7caab9770f3be6cc37932d09a7ef2fb