NotCVE - vendor:"Openemr" product:"Openemr" version:"4.1.0"

Page 9 of 93 results (0.007 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-10571

https://notcve.org/view.php?id=CVE-2018-10571

30 Apr 2018 — Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/finder_navigation.php; (2) key parameter to interface/billing/get_claim_file.php; (3) formid or (4) formseq parameter to interface/orders/types.php; (5) eraname, (6) paydate, (7) post_to_date, (8) deposit_date, (9) debug, or (10) InsId parameter to interface/billing/sl_eob_process.php; (11) form_source, (12)... • https://csticsfrontline.wordpress.com/2018/05/24/openemr-%E5%BC%B1%E9%BB%9E%E5%88%86%E6%9E%90 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-10572

https://notcve.org/view.php?id=CVE-2018-10572

30 Apr 2018 — interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters. interface/patient_file/letter.php en OpenEMR, en versiones anteriores a la 5.0.1, permite que usuarios autenticados remotos omitan las restricciones de acceso planeadas mediante los parámetros newtemplatename y form_body. • https://csticsfrontline.wordpress.com/2018/05/24/openemr-%E5%BC%B1%E9%BB%9E%E5%88%86%E6%9E%90 •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-1000241

https://notcve.org/view.php?id=CVE-2017-1000241

17 Nov 2017 — The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalation vulnerability. This vulnerability can allow an authenticated non-administrator users to view and modify information only accessible to administrators. La aplicación OpenEMR en versiones 5.0.0, 5.0.1-dev y anteriores se ve afectada por una vulnerabilidad de escalado vertical de privilegios. Esta vulnerabilidad puede permitir que los usuarios no administradores autenticados visualicen y modifiquen informaci... • https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-004 • CWE-269: Improper Privilege Management •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-1000240

https://notcve.org/view.php?id=CVE-2017-1000240

17 Nov 2017 — The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML. La aplicación OpenEMR se ve afectada por múltiples vulnerabilidades de Cross-Site Scripting (XSS) reflejado que afectan a las versiones 5.0.0 y anteriores. Estas vulnerabilidades podrían permitir que atacantes remotos autenticados inyecten scripts web o... • https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-16540

https://notcve.org/view.php?id=CVE-2017-16540

04 Nov 2017 — OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter. OpenEMR en versiones anteriores a la 5.0.0 Patch 5 permite la copia remota sin autenticar de bases de datos debido a que setup.php expone la funcionalidad de clonado para un sitio OpenEMR existente a un servidor arbitrario controlado por el atacante, mediante v... • http://www.open-emr.org/wiki/index.php/OpenEMR_Patches • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 4

CVE-2017-9380 – OpenEMR 5.0.0 - Remote Code Execution (Authenticated)

https://notcve.org/view.php?id=CVE-2017-9380

02 Jun 2017 — OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. OpenEMR versión 5.0.0 y anteriores, permite a los usuarios poco privilegiados cargar archivos de tipos peligrosos, lo que puede resultar en la ejecución de código arbitraria en el contexto de la aplicación vulnerable. • https://packetstorm.news/files/id/163087 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.5EPSS: 21%CPEs: 10EXPL: 0

CVE-2015-4453 – OpenEMR 4.2.0 Authentication Bypass

https://notcve.org/view.php?id=CVE-2015-4453

19 Jun 2015 — interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_search.php. interface/globals.php en OpenEMR 2.x, 3.x y 4.x en versiones anteriores a 4.2.0 patch 2 permite a atacantes remotos eludir la autenticación y obtener información sensible a través de un valor ignoreAuth=1 a... • http://jvn.jp/en/jp/JVN22677713/index.html • CWE-287: Improper Authentication •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 5

CVE-2014-5462 – OpenEMR 4.1.2 - Multiple SQL Injections

https://notcve.org/view.php?id=CVE-2014-5462

05 Dec 2014 — Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) layout_id parameter to interface/super/edit_layout.php; (2) form_patient_id, (3) form_drug_name, or (4) form_lot_number parameter to interface/reports/prescriptions_report.php; (5) payment_id parameter to interface/billing/edit_payment.php; (6) id parameter to interface/forms_admin/forms_admin.php; (7) form_pid or (8) form_encounter parameter to interfa... • https://packetstorm.news/files/id/129403 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 3

CVE-2012-2115 – OpenEMR 4 - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2012-2115

09 Sep 2012 — SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter. Vulnerabilidad de inyección SQL en interface/login/validateUser.php en OpenEMR v4.1.0 y posiblemente versiones anteriores, permiten a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro u. • https://www.exploit-db.com/exploits/18274 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 2

CVE-2011-5161 – OpenEMR 4 - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2011-5161

09 Sep 2012 — Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under documents/. Vulnerabilidad de subida de ficheros sin restricciones en la funcionalidad fotografía de paciente en OpenEMR v4, permite a atacantes remotos ejecutar código PHP de su elección mediante la carga de un archi... • https://www.exploit-db.com/exploits/18274 •

1...7 8 9 10