CVE-2012-4891 (firewall_analyzer)

Cross-site scripting (XSS) vulnerability in fw/ in ManageEngine Firewall Analyzer 7.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vector than CVE-2012-4889. NOTE: the provenance of this information is unknown; the details are obtained solely from third-party information.


Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function. (CVSS:5.0) (Last Update:2013-04-04)

WordPress 3.4.2 Maintenance and Security Release

WordPress 3.4.2, now available for download, is a maintenance and security release for all previous versions.

After nearly 15 million downloads since 3.4 was released not three months ago, we’ve identified and fixed a number of nagging bugs, including:

  • Fix some issues with older browsers in the administration area.
  • Fix an issue where a theme may not preview correctly, or its screenshot may not be displayed.
  • Improve plugin compatibility with the visual editor.
  • Address pagination problems with some category permalink structures.
  • Avoid errors with both oEmbed providers and trackbacks.
  • Prevent improperly sized header images from being uploaded.

Version 3.4.2 also fixes a few security issues and contains some security hardening. The vulnerabilities included potential privilege escalation and a bug that affects multisite installs with untrusted users. These issues were discovered and fixed by the WordPress security team.

Download 3.4.2 now or visit Dashboard → Updates in your site admin to update now.

Fixes for some bugs
Back to work on 3.5
It’s time to update


Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive “administrative back end” information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599. (CVSS:5.0) (Last Update:2013-10-03)