124 matches found
PT-2023-2644 · Oracle · Oracle Health Sciences Inform
Name of the Vulnerable Software and Affected Versions: Oracle Health Sciences InForm versions prior to 6.3.1.3; Oracle Health Sciences InForm versions prior to 7.0.0.1. Description: The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences InForm...
PT-2023-2645 · Oracle · Oracle Health Sciences Inform
Name of the Vulnerable Software and Affected Versions: Oracle Health Sciences InForm versions prior to 6.3.1.3; Oracle Health Sciences InForm versions prior to 7.0.0.1. Description: The issue allows a low-privileged attacker with network access via HTTP to compromise Oracle Health Sciences InForm...
Oracle Health Sciences Applications Security Vulnerability
Oracle Health Sciences Applications is a suite of clinical development solutions for the healthcare industry from Oracle Corporation. A security vulnerability exists in the Core component of Oracle Health Sciences Applications version 6.3.1.3 and earlier and version 7.0.0.1 and earlier. A highly...
inform-oberstdorf.de Cross Site Scripting vulnerability OBB-3252492
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
media.ukraine-inform.com Cross Site Scripting vulnerability OBB-3126998
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2019-15688
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypas...
CVE-2019-11451
whatsns 4.0 allows index.php?inform/add.html qid SQL injection...
SQL injection
whatsns 4.0 allows index.php?inform/add.html qid SQL injection...
CVE-2019-11451
CVE-2019-11451 affects the web app "whatsns 4.0". A SQL injection vulnerability exists in the parameterized endpoint: index.php?inform/add.html with the qid parameter. The root cause is unsanitized input leading to SQL injection, enabling an attacker to potentially read/modify data and affect ava...
CVE-2019-11451
whatsns 4.0 allows index.php?inform/add.html qid SQL injection...
Design/Logic Flaw
An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Insecure permissions in a service interface may allow authenticated attackers in the adjacent network to execute arbitrary commands on the...
Improper access control
An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 Serial number below 14000 and 04.x before 04.03.00 Serial Number above 14000, CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 Serial...
CVE-2018-18561
An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Insecure permissions in a service interface may allow authenticated attackers in the adjacent network to execute arbitrary commands on the...
CVE-2018-18563
An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 Serial number below 14000 and 04.x before 04.03.00 Serial Number above 14000, CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 Serial...
CVE-2018-18564
An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 Serial number below 14000 and 04.x before 04.03.00 Serial Number above 14000, CoaguChek Pro II before 04.03.00, and cobas h 232 before 04.00.04 Serial number above KQ0400000 or KS0400000. Improper access control allow...
CVE-2018-18562
CVE-2018-18562 is an OS command injection vulnerability in Roche Accu-Chek Inform II Base Unit / Base Unit Hub and CoaguChek / cobas h232 Handheld Base Unit, before 03.01.04. The root cause is insecure operation allowing authenticated attackers in the adjacent network to execute arbitrary command...
CVE-2018-18563
CVE-2018-18563: Affected Roche Diagnostics handheld medical devices (Accu-Chek Inform II Instrument; CoaguChek Pro II; CoaguChek XS Plus/XS Pro; cobas h 232) prior to specific versions exhibit Improper Access Control to a service command. This allows attackers in the adjacent network to execute ...
CVE-2018-18564
An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 Serial number below 14000 and 04.x before 04.03.00 Serial Number above 14000, CoaguChek Pro II before 04.03.00, and cobas h 232 before 04.00.04 Serial number above KQ0400000 or KS0400000. Improper access control allow...
CVE-2018-18561
The CVE concerns Roche Accu-Chek Inform II Base Unit/Base Unit Hub (before 03.01.04) and CoaguChek/cobas h232 Handheld Base Unit (before 03.01.04), where insecure permissions in a service interface allow an authenticated attacker in the adjacent network to execute arbitrary OS commands. The issue...
Multiple Roche Device Permission License and Access Control Vulnerabilities (CNVD-2018-25431)
The Roche Accu-Chek Inform II Instrument, CoaguChek Pro II and cobas h 232 are handheld blood testing medical devices from Roche, Switzerland. A permission and access-control vulnerability exists in multiple Roche devices, which can be exploited by an attacker via a specially crafted...