Debian Linux Security Advisory 3498-1 – Multiple security vulnerabilities have been found in the Drupal content management framework.
Monthly Archives: February 2016
Debian Security Advisory 3495-1
Debian Linux Security Advisory 3495-1 – Markus Krell discovered that xymon, a network and applications monitoring system, was affected by incorrect data handling, incorrect permissions, and various other security issues.
Red Hat Security Advisory 2016-0308-01
Red Hat Security Advisory 2016-0308-01 – RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. A cross-site scripting vulnerability was discovered in RabbitMQ, which allowed the api/ path info to be used to inject and receive data. A remote attacker could use this flaw to create an “/api/…” URL, forcing a server error that resulted in the server returning an HTML page with embedded text from the URL. A response-splitting vulnerability was discovered in RabbitMQ. An /api/definitions URL could be specified, which then caused an arbitrary additional header to be returned. A remote attacker could use this flaw to inject arbitrary HTTP headers and possibly gain access to secure data.
Debian Security Advisory 3494-1
Debian Linux Security Advisory 3494-1 – Two SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. Specially crafted input can be used by an attacker in parameters of the graphs_new.php script to execute arbitrary SQL commands on the database.
Debian Security Advisory 3497-1
Debian Linux Security Advisory 3497-1 – It was discovered that php-horde, a flexible, modular, general-purpose web application framework written in PHP, is prone to a cross-site scripting vulnerability.
IRS Now Says 700K Taxpayers Accounts Accessed
Ukraine Cyber-Attacks Could Happen To UK
Reinvented Ransomware Now Targeting WordPress Sites
Snapchat Hit By CEO Email Scam Via 'Whaling' Attack
Fing v3.3.0 iOS – Persistent Mail Encoding Vulnerability
Posted by Vulnerability Lab on Feb 29
Document Title:
===============
Fing v3.3.0 iOS – Persistent Mail Encoding Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1772
Release Date:
=============
2016-02-29
Vulnerability Laboratory ID (VL-ID):
====================================
1772
Common Vulnerability Scoring System:
====================================
3.5
Product & Service Introduction:…