187 matches found
CVE-2025-2265
The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte...
CVE-2025-2284
A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe"...
CVE-2025-2263
During login to the web server in "Sante PACS Server.exe", OpenSSL function EVPDecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or...
CVE-2025-2264
A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed...
CVE-2025-2284 Santesoft Sante PACS Server Access of Uninitialized Pointer DoS
A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe"...
CVE-2025-2284
CVE-2025-2284 affects Santesoft Sante PACS Server (Sante PACS Server.exe). The vulnerability is a denial-of-service in the GetWebLoginCredentials function caused by an uninitialized pointer, per CVE listing (modeled as an Access of Uninitialized Pointer DoS). CVSSv3.1 metrics indicate Network acc...
CVE-2025-2284 Santesoft Sante PACS Server Access of Uninitialized Pointer DoS
A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe"...
CVE-2025-2265 Santesoft Sante PACS Server HTTP.db SHA1 Hash Truncation
The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte...
CVE-2025-2265 Santesoft Sante PACS Server HTTP.db SHA1 Hash Truncation
The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte...
CVE-2025-2264 Santesoft Sante PACS Server Path Traversal Information Disclosure
A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed...
CVE-2025-2264 Santesoft Sante PACS Server Path Traversal Information Disclosure
A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed...
CVE-2025-2264
CVE-2025-2264 describes a Path Traversal Information Disclosure in Sante PACS Server.exe. The nuclei template confirms an unauthenticated path traversal that allows reading arbitrary files from the server’s disk and cites Sante PACS Server
CVE-2025-2263 Santesoft Sante PACS Server Stack-based Buffer Overflow
During login to the web server in "Sante PACS Server.exe", OpenSSL function EVPDecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or...
CVE-2025-2263 Santesoft Sante PACS Server Stack-based Buffer Overflow
During login to the web server in "Sante PACS Server.exe", OpenSSL function EVPDecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or...
CVE-2025-2263
Sante PACS Server CVE-2025-2263 is a stack-based buffer overflow in the EVP_DecryptUpdate call during login in Sante PACS Server.exe. It passes a fixed 0x80-byte buffer as the output, allowing an unauthenticated remote attacker to send a long encrypted username/password to overflow the stack, wit...
PT-2025-11207 · Unknown · Sante Pacs Server.Exe
Name of the Vulnerable Software and Affected Versions: Sante PACS Server.exe affected versions not specified Description: A Path Traversal Information Disclosure issue exists in Sante PACS Server.exe, allowing an unauthenticated remote attacker to download arbitrary files on the disk drive where...
The vulnerability of the DCM files on the medical image and data management system, as well as the Sante PACS Server, allows a perpetrator to trigger a service failure.
The vulnerability of the DCM files on the medical image and data management system, as well as those on the Sante PACS Server, is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the DCM files on the medical image and data management system, as well as the Sante PACS Server, allows a perpetrator to trigger a service failure.
The vulnerability of the DCM files on the medical image and data management system, as well as those on the Sante PACS Server, is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
Santesoft Sante PACS Server 安全漏洞
Santesoft Sante PACS Server is a DICOM 3.0 compliant PACS server, Modality Worklist server, HTTP Web server for DICOM files, and CD/DVD burning and printing server from Santesoft Cyprus. Used to store, archive, manage, view and burn medical images. A security vulnerability exists in Santesoft San...
PT-2025-11206 · Unknown +1 · Sante Pacs Server.Exe +1
Name of the Vulnerable Software and Affected Versions: Sante PACS Server affected versions not specified Description: The issue is related to a stack-based buffer overflow in the OpenSSL function EVP DecryptUpdate, which is called during login to the web server in Sante PACS Server.exe. This...