NotCVE - vendor:"Open-emr" product:"Openemr" version:"

Page 26 of 134 results (0.013 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 3

CVE-2011-5160 – OpenEMR 4 - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2011-5160

Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en OpenEMR v4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro site. • https://www.exploit-db.com/exploits/18274 https://www.exploit-db.com/exploits/17118 http://www.exploit-db.com/exploits/18274 https://exchange.xforce.ibmcloud.com/vulnerabilities/71982 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 3

CVE-2012-2115 – OpenEMR 4 - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2012-2115

SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter. Vulnerabilidad de inyección SQL en interface/login/validateUser.php en OpenEMR v4.1.0 y posiblemente versiones anteriores, permiten a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro u. • https://www.exploit-db.com/exploits/18274 http://archives.neohapsis.com/archives/bugtraq/2012-01/0013.html http://seclists.org/fulldisclosure/2012/Jan/27 http://www.exploit-db.com/exploits/18274 http://www.mavitunasecurity.com/sql-injection-vulnerability-in-openemr http://www.open-emr.org/wiki/index.php/OpenEMR_Patches http://www.openwall.com/lists/oss-security/2012/04/17/1 http://www.openwall.com/lists/oss-security/2012/04/18/7 http://www.osvdb.org/78132 http: • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 2

CVE-2011-5161 – OpenEMR 4 - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2011-5161

Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under documents/. Vulnerabilidad de subida de ficheros sin restricciones en la funcionalidad fotografía de paciente en OpenEMR v4, permite a atacantes remotos ejecutar código PHP de su elección mediante la carga de un archivo con una extensión ejecutable seguido de una extensión segura, accediendo entonces a él a través de una solicitud dirigida directamente al directorio del pacientes bajo documents/. • https://www.exploit-db.com/exploits/18274 http://www.exploit-db.com/exploits/18274 https://exchange.xforce.ibmcloud.com/vulnerabilities/71981 •

CVSS: 8.5EPSS: 2%CPEs: 1EXPL: 3

CVE-2012-0992 – OpenEMR 4.1 - '/Interface/fax/fax_dispatch.php?File' 'exec()' Call Arbitrary Shell Command Execution

https://notcve.org/view.php?id=CVE-2012-0992

interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter. interface/fax/fax_dispatch.php en OpenEMR v4.1.0, permite a usuarios autenticados remotamente ejecutar comandos de su elección a través de metacaracteres de linea de comandos en el parámetro file. • https://www.exploit-db.com/exploits/36651 http://archives.neohapsis.com/archives/bugtraq/2012-02/0004.html http://osvdb.org/78731 http://secunia.com/advisories/47781 http://www.open-emr.org/wiki/index.php/OpenEMR_Patches http://www.securityfocus.com/bid/51788 https://exchange.xforce.ibmcloud.com/vulnerabilities/72915 https://www.htbridge.ch/advisory/HTB23069 • CWE-20: Improper Input Validation •

CVSS: 3.5EPSS: 60%CPEs: 1EXPL: 6

CVE-2012-0991 – OpenEMR 4.1 - '/contrib/acog/print_form.php?formname' Traversal Local File Inclusion

https://notcve.org/view.php?id=CVE-2012-0991

Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter. Múltiples vulnerabilidades de salto de directorio en OpenEMR v4.1.0, permite a usuarios autenticados remotamente leer archivos de su elección a través de un .. (punto punto) en el parámetro formname en (1) contrib/acog/print_form.php; o (2) load_form.php, (3) view_form.php, o (4) trend_form.php en interface/patient_file/encounter. • https://www.exploit-db.com/exploits/36650 https://www.exploit-db.com/exploits/36649 https://www.exploit-db.com/exploits/36648 http://archives.neohapsis.com/archives/bugtraq/2012-02/0004.html http://osvdb.org/78727 http://osvdb.org/78728 http://osvdb.org/78729 http://osvdb.org/78730 http://secunia.com/advisories/47781 http://www.open-emr.org/wiki/index.php/OpenEMR_Patches http://www.securityfocus.com/bid/51788 https://exchange.xforce.ibmcloud.com/vulnerabilities& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

1...24 25 26 27