Monthly Archives: July 2015
Security Updates for Node.js and io.js
Original release date: July 06, 2015
Networking applications using Node.js or io.js contain a vulnerability in the V8 JavaScript engine. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition.
Available updates include:
- node.js-v0.12.6
- io.js-v2.3.3
- io.js-v1.8.3
Users and administrators are encouraged to review the Node.js blog post for v0.12.6 and the io.js changelogs for v2.3.3 and v1.8.3 and apply the update.
CVE-2014-5406
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap CVE-2015-3459.
CVE-2015-1011
Hospira LifeCare PCA Infusion System before 7.0 has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2015-3955
Stack-based buffer overflow in Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2015-3957
Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified impact and attack vectors.
CVE-2015-3958
Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (forced manual reboot) via a flood of TCP packets.
WideImage Demo Code Cross Site Scripting (XSS)
Posted by sikkandar.lynx on Jul 06
Description:
WideImage is an object-oriented library for image manipulation.
It requires PHP 5.2+ with the GD2 extension. The library provides a simple way to load, manipulate and save images
in the most common image formats.
Type of vulnerability:
Reflected XSS
Threat level:
Medium
Tested on:
Windows 8.1
Product:
WideImage – An Open Source PHP library for image manipulation.
Version:…
Orchard CMS – Persistent XSS vulnerability
Posted by Paris Zoumpouloglou on Jul 06
—————–
Background
—————–
Orchard is a free, open source, community-focused content management
system written on the ASP.NET platform using the ASP.NET MVC framework. Its
vision is to create shared components for building ASP.NET applications
and extensions, and specific applications that leverage these components
to meet the needs of end-users, scripters, and developers.
————————
Software Version…
Auditing folders ACLs with Powershell
Posted by Darío B on Jul 06
Hi all,
I would like to present a PowerShell script that helps you check/audit
whether the folder permissions applied to the shared folders hosted by a
file server comply with the need-to-know defined in your security
policy.
This script allows you to export the differences from the baseline (security
policy) so that you can analyze them further.
In these two posts you will find the details about the script and output:…
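The kind of check the post describes, written here as an added example rather than Darío B's own script: a need-to-know baseline is declared per shared folder, the effective NTFS ACLs are read with Get-Acl, and every deviation (an identity the policy does not list, an identity granted more rights than the policy allows, or a policy identity that is absent) is emitted as an object that can be exported for further analysis. The baseline format, the share paths, the group names and the CSV output path are all assumptions for illustration; the baseline keys can equally be UNC paths when the audit runs remotely.

```powershell
# Added example, not the script from the original post. Compares the ACLs of
# shared folders against a need-to-know baseline and exports the deviations.
# Paths, identities and the output location are assumptions for illustration.

# Baseline (assumed format): for each shared folder, the identities the
# security policy permits and the maximum rights each may hold. Any Allow
# ACE not covered by this table is reported as a deviation.
$Baseline = @{
    'D:\Shares\Finance' = @(
        @{ Identity = 'CONTOSO\Finance-RW';     Rights = 'Modify' },
        @{ Identity = 'CONTOSO\Finance-RO';     Rights = 'ReadAndExecute' },
        @{ Identity = 'BUILTIN\Administrators'; Rights = 'FullControl' }
    )
    'D:\Shares\HR' = @(
        @{ Identity = 'CONTOSO\HR-RW';          Rights = 'Modify' },
        @{ Identity = 'BUILTIN\Administrators'; Rights = 'FullControl' }
    )
}

function Get-AclDeviation {
    param(
        [Parameter(Mandatory)] [hashtable] $Baseline,
        # Well-known principals that every folder carries and that the
        # policy does not need to enumerate.
        [string[]] $IgnoreIdentity = @('NT AUTHORITY\SYSTEM', 'CREATOR OWNER')
    )

    # Synchronize is implicitly added to every Allow ACE; mask it out so that
    # a baseline of "Modify" matches an on-disk ACE of "Modify, Synchronize".
    $syncBit = [int][System.Security.AccessControl.FileSystemRights]::Synchronize

    foreach ($path in $Baseline.Keys) {
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Path = $path; Identity = ''; Rights = ''; Issue = 'PathMissing' }
            continue
        }

        $expected = @($Baseline[$path])
        # Inherited ACEs are included on purpose: effective access is what
        # matters for need-to-know, not only what was set on this folder.
        $actual = @((Get-Acl -LiteralPath $path).Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $IgnoreIdentity -notcontains $_.IdentityReference.Value
        })

        # 1) ACEs present on disk that the baseline does not permit, or that
        #    grant more than the baseline allows for that identity.
        foreach ($ace in $actual) {
            $id      = $ace.IdentityReference.Value
            $granted = [int]$ace.FileSystemRights -band -bnot $syncBit
            $match   = $expected | Where-Object { $_.Identity -eq $id } | Select-Object -First 1

            if (-not $match) {
                [pscustomobject]@{ Path = $path; Identity = $id
                                   Rights = $ace.FileSystemRights.ToString(); Issue = 'UnexpectedIdentity' }
                continue
            }

            $allowed = [int][System.Security.AccessControl.FileSystemRights]$match.Rights
            $excess  = $granted -band -bnot $allowed
            if ($excess -ne 0) {
                [pscustomobject]@{ Path = $path; Identity = $id
                                   Rights = ([System.Security.AccessControl.FileSystemRights]$excess).ToString()
                                   Issue = 'ExcessRights' }
            }
        }

        # 2) Identities the baseline expects but that carry no Allow ACE at all.
        foreach ($exp in $expected) {
            $present = $actual | Where-Object { $_.IdentityReference.Value -eq $exp.Identity }
            if (-not $present) {
                [pscustomobject]@{ Path = $path; Identity = $exp.Identity
                                   Rights = $exp.Rights; Issue = 'MissingIdentity' }
            }
        }
    }
}

# Run the audit, show it on screen and keep a copy for follow-up analysis.
$report = Get-AclDeviation -Baseline $Baseline
$report | Format-Table -AutoSize
$report | Export-Csv -Path 'C:\Audit\acl-deviations.csv' -NoTypeInformation -Encoding UTF8
```

Rights are compared as bit masks rather than as strings so that an ACE granting, say, "Modify, Synchronize" is accepted against a baseline entry of "Modify", while any additional bit (Delete subfolders, Take ownership, Change permissions, or a raw generic right on an inherited ACE) surfaces as an ExcessRights row. Deny ACEs are deliberately left out of the comparison; if the policy relies on them, they need a second pass of their own.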