Post-Cyberattack, UVM Health Network Still Picking Up Pieces

More than a month after a cyberattack hit the University of Vermont UVM health network, the organization is still working to recover its systems. The UVM health network is a six-hospital, home-health and hospice system, which encompasses more than 1,000 physicians, 2,000 nurses and other clinicia...

CVE-2016-6272

XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this may be inaccurate...

Sql injection

XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this may be inaccurate...

CVE-2016-6272

CVE-2016-6272 concerns Epic MyChart, where an XPath injection vulnerability exists in the help.asp topic parameter. The underlying issue allows remote attackers to access contents of an XML document containing static display strings (e.g., field labels). The vulnerability is reported as pre-authe...

CVE-2016-6272

XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this may be inaccurate...

EPIC MyChart - SQL Injection Vulnerability

Exploit for asp platform in category web applications Exploit Title: Epic Systems Corporation MyChart SQL Injection Google Dork: MyChart® licensed from Epic Systems Corporation Exploit Author: Shayan Sadigh http://threat.tevora.com/author/shayan/ Vendor Homepage: https://www.epic.com/software...

EPIC MyChart - X-Path Injection

EPIC MyChart - X-Path Injection Exploit Title: Epic Systems Corporation MyChart X-Path Injection Google Dork: MyChart® licensed from Epic Systems Corporation Date: 8/19/16 Exploit Author: Shayan Sadigh http://threat.tevora.com/author/shayan/ Vendor Homepage: https://www.epic.com/software Software...

EPIC MyChart - X-Path Injection

Exploit Title: Epic Systems Corporation MyChart X-Path Injection Google Dork: MyChart® licensed from Epic Systems Corporation Date: 8/19/16 Exploit Author: Shayan Sadigh http://threat.tevora.com/author/shayan/ Vendor Homepage: https://www.epic.com/software Software Link: N/A Version: N/A Tested o...

EPIC MyChart X-Path Injection

Exploit Title: Epic Systems Corporation MyChart SQL Injection Google Dork: MyChartAr licensed from Epic Systems Corporation Date: 8/19/16 Exploit Author: Shayan Sadigh http://threat.tevora.com/author/shayan/ Vendor Homepage: https://www.epic.com/software Software Link: N/A Version: N/A Tested on:...