Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter. Date published : 2018-08-13 https://github.com/openemr/openemr/pull/1758/files...
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the...
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete....
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get....
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form...
Sensitive Information Disclosure in Zipato Zipabox Smart Home Controller allows remote attacker get sensitive information that expands attack surface. Date published : 2018-08-13 https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-005-zipato-zipabox-sensitive-information-disclosure/
Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV – 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device. Date published :...
Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV – 1 with System Version -118 allows remote attacker perform new attack vectors and take under control device and smart home. Date published...
JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization...
Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a...
Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php. Date published : 2018-08-13 https://sourceforge.net/p/tikiwiki/code/66809 http://www.openwall.com/lists/oss-security/2018/08/02/2
Medtronic MMT 508 MiniMed insulin pump, 522 / MMT – 722 Paradigm REAL-TIME, 523 / MMT – 723 Paradigm Revel, 523K / MMT – 723K Paradigm Revel, and 551 / MMT – 751 MiniMed...
In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files...
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files...