Monthly Archive: July 2015

Open redirect vulnerability in the Language Switcher Dropdown module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a block....

The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings...

Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template. Date published : 2015-07-06 http://www.securityfocus.com/bid/70046 http://projects.theforeman.org/issues/7483

The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors. Date published : 2015-07-06 http://www.securityfocus.com/bid/75515 http://www.zerodayinitiative.com/advisories/ZDI-15-275/

Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control in ipropsapivideo in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allows remote attackers to execute arbitrary code via a long string to the MulticastAddr method....

Multiple stack-based buffer overflows in Ipropsapi in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allow remote attackers to execute arbitrary code via a long string in the (1) FilePassword property or to the...

Memory leak in Cisco Headend System Release allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCus91854. Date published : 2015-07-06 http://www.securityfocus.com/bid/75464 http://tools.cisco.com/security/center/viewAlert.x?alertId=39562

The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object. Date published : 2015-07-06 http://www.securityfocus.com/bid/75403 http://www.zerodayinitiative.com/advisories/ZDI-15-256/

Samsung SBeam allows remote attackers to read arbitrary images by leveraging an NFC connection to access the HTTP server on port 15000. Date published : 2015-07-06 http://www.securityfocus.com/bid/75404 http://www.zerodayinitiative.com/advisories/ZDI-15-257/

Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (forced manual reboot) via a flood of TCP packets. Date published : 2015-07-06...

Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified impact and attack vectors. Date published : 2015-07-06 http://www.securityfocus.com/bid/75136 http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm

Stack-based buffer overflow in Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to execute arbitrary code via unspecified vectors. Date published : 2015-07-06 http://www.securityfocus.com/bid/75132 http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents...

Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows local users to gain privileges by leveraging setuid permissions. Date published : 2015-07-06 http://www.securityfocus.com/bid/75462 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04718530