198 matches found
CVE-2017-20059
A vulnerability, which was classified as problematic, has been found in Elefant CMS 1.3.12-RC. Affected by this issue is some unknown functionality of the component Title Handler. The manipulation with the input leads to basic cross site scripting Persistent. The attack may be launched remotely...
CVE-2017-20058
A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting Persistent. The attack can be launched remotely. Upgrading to version...
CVE-2018-15601
apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism...
CVE-2017-20057
A vulnerability classified as problematic has been found in Elefant CMS 1.3.12-RC. Affected is an unknown function. The manipulation of the argument username leads to basic cross site scripting Persistent. It is possible to launch the attack remotely. Upgrading to version 1.3.13 is able to addres...
CVE-2017-20064
A vulnerability was found in Elefant CMS 1.3.12-RC. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /designer/add/layout. The manipulation leads to code injection. The attack can be launched remotely. Upgrading to version 1.3.13 is able to...
CVE-2017-20061
A vulnerability has been found in Elefant CMS 1.3.12-RC and classified as problematic. This vulnerability affects unknown code of the file /admin/extended. The manipulation of the argument name with the input %3Cimg%20src=no%20onerror=alert1%3E leads to basic cross site scripting Reflected. The...
CVE-2017-20062
A vulnerability was found in Elefant CMS 1.3.12-RC and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to...
CVE-2017-20060
A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting Persistent. It is possible to initiate the attack remotely. Upgrading to version 1.3.13 i...
CVE-2024-50592
An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process. When using the repair function, the service queries the server for a lis...
CVE-2024-50592 Local Privilege Escalation via Race Condition
An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process. When using the repair function, the service queries the server for a lis...
CVE-2024-50592 Local Privilege Escalation via Race Condition
An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process. When using the repair function, the service queries the server for a lis...
CVE-2024-50592
CVE-2024-50592 describes a local privilege escalation in HASOMED Elefant software, via a race condition in the Elefant Update Service during repair/update. An attacker with local access can exploit the window between copying vulnerable executables to a user-writable folder (C:\Elefant1) and the f...
CVE-2024-50593
An attacker with local access to the medical office computer can access restricted functions of the Elefant Service tool by using a hard-coded "Hotline" password in the Elefant service binary, which is shipped with the software...
CVE-2024-50591
An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a command injection vulnerability in the Elefant Update Service. The command injection can be exploited by communicating with the Elefant Update Service whi...
CVE-2024-50590
Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. ...
CVE-2024-50593 Hardcoded Service Password
An attacker with local access to the medical office computer can access restricted functions of the Elefant Service tool by using a hard-coded "Hotline" password in the Elefant service binary, which is shipped with the software...
CVE-2024-50593
CVE-2024-50593 affects the Elefant Service tool; a local attacker can access restricted functions via a hard-coded "Hotline" password embedded in the Elefant service binary, which is shipped with the software. Affected component is the Elefant Service binary used by HASOMED Elefant. The root caus...
CVE-2024-50593 Hardcoded Service Password
An attacker with local access to the medical office computer can access restricted functions of the Elefant Service tool by using a hard-coded "Hotline" password in the Elefant service binary, which is shipped with the software...
CVE-2024-50591 Local Privilege Escalation via Command Injection
An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a command injection vulnerability in the Elefant Update Service. The command injection can be exploited by communicating with the Elefant Update Service whi...
CVE-2024-50591
CVE-2024-50591 affects the Elefant Software Updater (ESU) on Windows. The vulnerability is a local privilege escalation via a command-injection flaw in the ESU service (running as NT AUTHORITY\SYSTEM) that can be triggered by sending a crafted MessageType.SupportServiceInfos message to the local ...