Lucene search
+L

187 matches found

RedhatCVE
RedhatCVE
added 2025/03/15 5:5 p.m.13 views

CVE-2025-2265

The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte...

7.8CVSS7AI score0.00144EPSS
Exploits0References1
NVD
NVD
added 2025/03/13 5:15 p.m.10 views

CVE-2025-2284

A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe"...

7.5CVSS0.05673EPSS
Exploits0References1
NVD
NVD
added 2025/03/13 5:15 p.m.38 views

CVE-2025-2263

During login to the web server in "Sante PACS Server.exe", OpenSSL function EVPDecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or...

9.8CVSS0.00851EPSS
Exploits2References1
NVD
NVD
added 2025/03/13 5:15 p.m.29 views

CVE-2025-2264

A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed...

7.5CVSS0.38656EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/03/13 4:35 p.m.4 views

CVE-2025-2284 Santesoft Sante PACS Server Access of Uninitialized Pointer DoS

A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe"...

7.5CVSS7.5AI score0.05673EPSS
Exploits0References1
CVE
CVE
added 2025/03/13 4:35 p.m.44 views

CVE-2025-2284

CVE-2025-2284 affects Santesoft Sante PACS Server (Sante PACS Server.exe). The vulnerability is a denial-of-service in the GetWebLoginCredentials function caused by an uninitialized pointer, per CVE listing (modeled as an Access of Uninitialized Pointer DoS). CVSSv3.1 metrics indicate Network acc...

7.5CVSS6.9AI score0.05673EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/13 4:35 p.m.17 views

CVE-2025-2284 Santesoft Sante PACS Server Access of Uninitialized Pointer DoS

A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe"...

7.5CVSS0.05673EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/13 4:33 p.m.6 views

CVE-2025-2265 Santesoft Sante PACS Server HTTP.db SHA1 Hash Truncation

The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte...

7.8CVSS7.7AI score0.00144EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/13 4:33 p.m.17 views

CVE-2025-2265 Santesoft Sante PACS Server HTTP.db SHA1 Hash Truncation

The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte...

7.8CVSS0.00144EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/13 4:29 p.m.27 views

CVE-2025-2264 Santesoft Sante PACS Server Path Traversal Information Disclosure

A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed...

7.5CVSS0.38656EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/03/13 4:29 p.m.9 views

CVE-2025-2264 Santesoft Sante PACS Server Path Traversal Information Disclosure

A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed...

7.5CVSS7.4AI score0.38656EPSS
Exploits2References1
CVE
CVE
added 2025/03/13 4:29 p.m.118 views

CVE-2025-2264

CVE-2025-2264 describes a Path Traversal Information Disclosure in Sante PACS Server.exe. The nuclei template confirms an unauthenticated path traversal that allows reading arbitrary files from the server’s disk and cites Sante PACS Server

7.5CVSS7.4AI score0.38656EPSS
In wildExploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/13 4:25 p.m.9 views

CVE-2025-2263 Santesoft Sante PACS Server Stack-based Buffer Overflow

During login to the web server in "Sante PACS Server.exe", OpenSSL function EVPDecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or...

9.8CVSS9.9AI score0.00851EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/03/13 4:25 p.m.43 views

CVE-2025-2263 Santesoft Sante PACS Server Stack-based Buffer Overflow

During login to the web server in "Sante PACS Server.exe", OpenSSL function EVPDecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or...

9.8CVSS0.00851EPSS
Exploits2References1
CVE
CVE
added 2025/03/13 4:25 p.m.72 views

CVE-2025-2263

Sante PACS Server CVE-2025-2263 is a stack-based buffer overflow in the EVP_DecryptUpdate call during login in Sante PACS Server.exe. It passes a fixed 0x80-byte buffer as the output, allowing an unauthenticated remote attacker to send a long encrypted username/password to overflow the stack, wit...

9.8CVSS9.9AI score0.00851EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/03/13 12:0 a.m.10 views

PT-2025-11207 · Unknown · Sante Pacs Server.Exe

Name of the Vulnerable Software and Affected Versions: Sante PACS Server.exe affected versions not specified Description: A Path Traversal Information Disclosure issue exists in Sante PACS Server.exe, allowing an unauthenticated remote attacker to download arbitrary files on the disk drive where...

7.5CVSS9.2AI score0.38656EPSS
Exploits2References9
BDU FSTEC
BDU FSTEC
added 2025/03/13 12:0 a.m.10 views

The vulnerability of the DCM files on the medical image and data management system, as well as the Sante PACS Server, allows a perpetrator to trigger a service failure.

The vulnerability of the DCM files on the medical image and data management system, as well as those on the Sante PACS Server, is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

7.8CVSS7.2AI score0.0097EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/03/13 12:0 a.m.6 views

The vulnerability of the DCM files on the medical image and data management system, as well as the Sante PACS Server, allows a perpetrator to trigger a service failure.

The vulnerability of the DCM files on the medical image and data management system, as well as those on the Sante PACS Server, is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

7.8CVSS7.2AI score0.0097EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/03/13 12:0 a.m.7 views

Santesoft Sante PACS Server 安全漏洞

Santesoft Sante PACS Server is a DICOM 3.0 compliant PACS server, Modality Worklist server, HTTP Web server for DICOM files, and CD/DVD burning and printing server from Santesoft Cyprus. Used to store, archive, manage, view and burn medical images. A security vulnerability exists in Santesoft San...

7.8CVSS6.7AI score0.00144EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/03/13 12:0 a.m.8 views

PT-2025-11206 · Unknown +1 · Sante Pacs Server.Exe +1

Name of the Vulnerable Software and Affected Versions: Sante PACS Server affected versions not specified Description: The issue is related to a stack-based buffer overflow in the OpenSSL function EVP DecryptUpdate, which is called during login to the web server in Sante PACS Server.exe. This...

10CVSS9.7AI score0.00851EPSS
Exploits2References22
Rows per page
Query Builder