51 matches found
EUVD-2015-4611
Malware in sbrugna...
EUVD-2015-4613
Malware in sbrugna...
EUVD-2017-14670
Malware in sbrugna...
EUVD-2015-4612
Malware in sbrugna...
EUVD-2017-14671
Malware in sbrugna...
EUVD-2017-14698
Malware in sbrugna...
EUVD-2017-14697
Malware in sbrugna...
eClinicalWorks Patient Portal Cross-Site Scripting Vulnerability
eClinicalWorks PatientPortal is a product for healthcare applications from eClinicalWorks, Inc. that provides patients with a secure means of communicating to view their Personal Health Record PHR, view lab results, and more. A cross-site scripting vulnerability exists in the raceMasterList.jsp...
eClinicalWorks healow@work SQL Injection Vulnerability
eClinicalWorks healow@work is a product for healthcare applications from eClinicalWorks, Inc. that provides a set of platforms for physicians to share health records. An SQL injection vulnerability exists in the EmployeePortalServlet page in eClinicalWorks healow@work version 8.0 build 8. An...
eClinicalWorks Patient Portal SQL Injection Vulnerability (CNVD-2017-01321)
eClinicalWorks Patient Portal is a product for healthcare applications from eClinicalWorks, Inc. that provides patients with a secure means of communicating to view their Personal Health Record PHR, view lab results, and more. An SQL injection vulnerability exists in the template.jsp file in...
eClinicalWorks Patient Portal SQL Injection Vulnerability
eClinicalWorks Patient Portal is a product for healthcare applications from eClinicalWorks, Inc. that provides patients with a secure means of communicating to view their Personal Health Record PHR, view lab results, and more. An SQL injection vulnerability exists in the messageJson.jsp file in...
CVE-2017-5598
An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band...
Sql injection
An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band...
CVE-2017-5599
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a reflected Cross Site Scripting vulnerability which affects the raceMasterList.jsp page within the Patient Portal. Inserted payload is rendered within the Patient Portal and the raceMasterList.jsp page does not requir...
CVE-2017-5599
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a reflected Cross Site Scripting vulnerability which affects the raceMasterList.jsp page within the Patient Portal. Inserted payload is rendered within the Patient Portal and the raceMasterList.jsp page does not requir...
Cross site scripting
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a reflected Cross Site Scripting vulnerability which affects the raceMasterList.jsp page within the Patient Portal. Inserted payload is rendered within the Patient Portal and the raceMasterList.jsp page does not requir...
CVE-2017-5598
This CVE refers to eClinicalWorks healow@work 8.0 build 8, where a blind SQL injection exists in the EmployeePortalServlet. The vulnerability is exploitable by unauthenticated attackers via an HTTP POST to the EmployeePortalServlet page, affecting the employer parameter, and can be used to exfilt...
CVE-2017-5599
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a reflected Cross Site Scripting vulnerability which affects the raceMasterList.jsp page within the Patient Portal. Inserted payload is rendered within the Patient Portal and the raceMasterList.jsp page does not requir...
CVE-2017-5598
An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band...
CVE-2017-5599
CVE-2017-5599 affects eClinicalWorks Patient Portal 7.0 build 13, specifically the raceMasterList.jsp page. The vulnerability is a reflected Cross-Site Scripting issue where an attacker can inject payload via the parameter race, with the payload rendered in the portal. The page does not require a...