8 matches found
EUVD-2013-7263
Malware in sbrugna...
OpenEMR 4.1.1 new_comprehensive_save.php SQL Injection
SQL Injection vulnerability in OpenEMR newcomprehensivesave.php formpubpid parameter Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...
OpenEMR 4.1.1 logview.php SQL Injection
SQL Injection vulnerability in OpenEMR logview sortby parameter Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...
OpenEMR 4.1.1 Patch 14 - Multiple Vulnerabilities
No description provided by source. Exploit Title: OpenEMR 4.1.1 Patch 14 Multiple Vulnerabilities Date: Sep 17 2013 Exploit Author: xistence xistenceat0x90.nl Vendor Homepage: www.open-emr.org Tested on: CentOS 5.9 32-bit Affected Version : 4.1.1 Patch 14 and lower Fix: Upgrade to OpenEMR 4.1.2...
CVE-2013-4619
Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the 1 start or 2 end parameter to interface/reports/customreportrange.php, or the 3 formnewid parameter to custom/charttracker.php...
CVE-2013-4620
Cross-site scripting XSS vulnerability in interface/main/onotes/officecommentsfull.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter...
OpenEMR PHP File Upload Vulnerability
This module exploits a vulnerability found in OpenEMR 4.1.1 By abusing the ofcuploadimage.php file from the openflashchart library, a malicious user can upload a file to the tmp-upload-images directory without any authentication, which results in arbitrary code execution. The module has been test...
OpenEMR 4.1.1 Shell Upload
?php / OpenEMR 4.1.1 ofcuploadimage.php Arbitrary File Upload Vulnerability Vendor: OpenEMR Product web page: http://www.open-emr.org Affected version: 4.1.1 Summary: OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on Windows,...