8 matches found
CVE-2023-33466
Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution RCE...
Debian DSA-5473-1 : orthanc - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5473 advisory. It was discovered that authenticated API users of Orthanc, a DICOM server for medical imaging, could overwrite arbitrary files and in some setups execute arbitrary...
[SECURITY] [DSA 5473-1] orthanc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5473-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 08, 2023 https://www.debian.org/security/faq -...
CVE-2023-33466
creationtimestamp| type| source ---|---|--- 2023-06-29 18:14:26+00:00| seen| https://t.me/cibsecurity/65721 2023-10-25 07:00:06+00:00| published-proof-of-concept| https://t.me/TopCyberTechNews/381 2023-11-29 22:26:03+00:00| published-proof-of-concept| https://t.me/cKure/12040 2023-12-02...
CVE-2023-33466
Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution RCE...
CVE-2023-33466
Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution RCE...
CVE-2023-33466
Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution RCE...
CVE-2023-33466
Orthanc ≤ 1.12.0 allows authenticated API users to overwrite arbitrary files and, in certain configurations, trigger RCE. Debian advisories backported RestApiWriteToFileSystemEnabled in the configuration (default enabled in some releases) and provide patched versions: bullseye 1.9.2+…deb11u1, boo...