LinuxSecurity.com: HDIV (HTTP Data Integrity Validator) is a Java Web Application Security Framework. HDIV extends web applications' behaviour by adding Security functionalities, maintaining the API and the framework specification. This implies that we can use HDIV in applications developed in
LinuxSecurity.com: Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or
LinuxSecurity.com: These vulnerabilities can only be exploited remotely with user-assistance and in conjunction with other software receiving OOo documents over the network (like a kmail attachment).
LinuxSecurity.com: Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.93 release, including: ClamAV 0.92 allowed local users to overwrite arbitrary files via a symlink attack on temporary files or on .ascii files in sigtool, when utf16-decode is enabled
LinuxSecurity.com: New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0, and -current to fix a possible security bug. More details about this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380 https://bugzilla.mozilla.org/show_bug.cgi?id=425576
Some vulnerabilities have been discovered in EsContacts, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "msg" parameter in add_groupe.php, contacts.php, groupes.php, importer.php, login.php, and search.php is not properly sanitised before being returned
HP has acknowledged some vulnerabilities in HP OfO (Oracle for Openview). Some vulnerabilities have unknown impacts while others can be exploited by malicious users to bypass certain security restrictions, conduct SQL injection attacks, cause a DoS (Denial of Service), or
FreeBSD has issued an update for OpenSSH. This fixes a vulnerability, which can be exploited by malicious, local users to disclose sensitive information.
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to an error allowing code running in the context of NetworkService and LocalService accounts to
Red Hat has issued an update for openoffice.org. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.
A vulnerability has been reported in Xpdf, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when displaying embedded fonts in PDF files. This can be exploited when
Ubuntu has issued an update for KOffice. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a user's system.
Ubuntu has issued an update for poppler. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system.
Red Hat has issued an update for poppler. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system.
Debian has issued an update for xpdf. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a user's system.