3 matches found
CVE-2018-25374
Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and acce...
CVE-2018-25124 PacsOne Server 6.6.2 DICOM Web Viewer Directory Traversal LFI
PacsOne Server version 6.6.2 prior versions are likely affected contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path'...
CVE-2018-25124
PacsOne Server 6.6.2 (and likely earlier) is affected by a directory traversal (LFI) vulnerability in the web-based DICOM viewer. The issue allows a remote unauthenticated attacker to read arbitrary files via the nocache.php endpoint using a crafted path parameter. Exploitation evidence was obser...