414 matches found
CVE-2018-25372
MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads ...
CVE-2018-25374
Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and acce...
CVE-2018-25374
CVE-2018-25374 affects Softneta MedDream PACS Server Premium 6.7.1.1. A directory-traversal vulnerability allows unauthenticated attackers to read arbitrary files by manipulating the path parameter, using requests to nocache.php with encoded backslash sequences. This can expose sensitive files in...
CVE-2018-25374 Softneta MedDream PACS Server Premium 6.7.1.1 Directory Traversal
Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and acce...
CVE-2018-25374 Softneta MedDream PACS Server Premium 6.7.1.1 Directory Traversal
Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and acce...
EUVD-2018-21897
Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and acce...
CVE-2018-25372 MedDream PACS Server Premium 6.7.1.1 SQL Injection via email
MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads ...
EUVD-2018-21895
MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads ...
CVE-2018-25372
CVE-2018-25372 : MedDream PACS Server Premium 6.7.1.1 contains an unauthenticated SQL injection in the email parameter of the userSignup.php endpoint. Crafting POST requests with SQL payloads can extract sensitive information from the backend MySQL database. The description explicitly states the ...
Softneta MedDream PACS Server Premium SQL注入漏洞
Softneta MedDream PACS Server Premium is a medical image storage and reading platform from Softneta. A SQL injection vulnerability exists in Softneta MedDream PACS Server Premium version 6.7.1.1, which originates from malicious code injection via email parameters and could lead to execution of...
Softneta MedDream PACS Server Premium 路径遍历漏洞
Softneta MedDream PACS Server Premium is a medical image storage and reading platform from Softneta. A path traversal vulnerability exists in Softneta MedDream PACS Server Premium version 6.7.1.1, which originates from a directory traversal and could allow an unauthenticated attacker to read...
MedDream PACS Premium Arbitrary File Read Vulnerability
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. An arbitrary file read vulnerability exists in MedDream PACS Premium, which can be exploited by an attacker to cause arbitrary files to be read...
MedDream PACS Premium Cross-Site Scripting Vulnerability
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the sendOruReport feature. An attacker could exploit the...
CVE-2020-37009
MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevate...
EUVD-2020-30904
MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevate...
CVE-2020-37009
CVE-2020-37009 affects MedDream PACS Server 6.8.3.751. The connected records confirm an authenticated remote code execution vulnerability where an authorized user can upload PHP files via the uploadImage.php endpoint, enabling execution of arbitrary system commands with elevated privileges. CVSS ...
CVE-2020-37009 MedDream PACS Server 6.8.3.751 - Remote Code Execution
MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevate...
CVE-2020-37009
MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevate...
CVE-2020-37009 MedDream PACS Server 6.8.3.751 - Remote Code Execution
MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevate...
PT-2026-5284
MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevate...