CVE-2020-28406

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs he should not have access to via the Audit Trail Feature...

CVE-2020-28406

CVE-2020-28406 affects Star Practice Management Web version 2019.2.0.6, with an improper authorization flaw that lets an unauthorized user view details about jobs they should not access via the Audit Trail feature. The connected records confirm the same vulnerability description across multiple s...

CVE-2020-28405

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to change the privileges of any user of the application. This can be used to grant himself the administrative role or remove all administrative accounts of the...

CVE-2020-28405

CVE-2020-28405 concerns an improper authorization flaw in Star Practice Management Web version 2019.2.0.6. An unauthorized user can change privileges for any user, enabling self-authorization to the administrative role or removing all administrative accounts. The vulnerability is described consis...

CVE-2020-28404

CVE-2020-28404 affects Star Practice Management Web (version 2019.2.0.6). The connected documents describe an improper authorization vulnerability that allows an unauthorized user to access the Billing page without the appropriate privileges, indicating an access-control error in the web applicat...

CVE-2020-28403

The CVE-2020-28403 entry concerns Star Practice Management Web (v2019.2.0.6) and describes a Cross-Site Request Forgery (CSRF) vulnerability that can allow an attacker to change privileges for any user, including granting themselves admin or removing an admin account. The provided connected docum...

CVE-2020-28402

CVE-2020-28402 affects Star Practice Management Web (v2019.2.0.6). The issue is an improper authorization that could allow an unauthorized user to access the Launcher Configuration Panel. Documented by multiple sources (NVD, Red Hat, CNVD and others) with no public exploitation details or fixes p...

CVE-2020-28402

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration Panel...

CVE-2020-28401

CVE-2020-28401 affects Star Practice Management Web (version 2019.2.0.6). The cited entries describe an improper authorization vulnerability that allows an unauthorized user to access WIP details for jobs they should not see. The core issue is access control: an attacker can retrieve sensitive WI...

CVE-2020-28401

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to...

Star Computer Star Practice Management Web 访问控制错误漏洞

Star Computer Star Practice Management Web is a web service used for time-based billing by Star Computer UK.An access control error vulnerability exists in Star Practice Management Web version 2019.2.0.6, which could be exploited by an attacker to The vulnerability can be exploited to change the...

OpenEMR Cross-Site Request Forgery Vulnerability

OpenEMR is a medical practice management software that also supports electronic medical records EMR. A cross-site request forgery vulnerability exists in OpenEMR 5.0.2, 6.0.0. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to execute an arbitrary request in...

Star Computer Star Practice Management Web 访问控制错误漏洞

Star Computer Star Practice Management Web is a web service from Star Computer UK that applies billing based on time.An access control error vulnerability exists in Star Practice Management Web version 2019.2.0.6, which could be exploited by an unauthorized The vulnerability can be exploited by a...

Star Computer Star Practice Management Web 访问控制错误漏洞

Star Computer Star Practice Management Web is a web service used for time-based billing by Star Computer, a UK-based company. The vulnerability can be exploited to access the WIP details of unauthorized jobs...

Star Computer Star Practice Management Web 访问控制错误漏洞

Star Computer Star Practice Management Web is a web service applied to billing based on time by Star Computer UK.An access control error vulnerability exists in Star Practice Management Web version 2019.2.0.6, which could be exploited by an unauthorized The vulnerability can be exploited by an...

Star Computer Star Practice Management Web 跨站请求伪造漏洞

Star Computer Star Practice Management Web is a web service used for time-based billing by Star Computer UK.A cross-site request forgery vulnerability exists in Star Practice Management Web version 2019.2.0.6, which could be exploited by an attacker to The vulnerability can be exploited to change...

Star Computer Star Practice Management Web 访问控制错误漏洞

Star Computer Star Practice Management Web is a web service used for time-based billing by Star Computer UK.An access control error vulnerability exists in Star Practice Management Web version 2019.2.0.6, which could be exploited by an attacker to The vulnerability accesses details of unauthorize...

Vulnerability Spotlight: Multiple vulnerabilities in phpGACL class

Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the phpGACL class. One of these vulnerabilities also affects OpenEMR, a medical practice management software written in PHP. phpGACL is a PHP library...

WhatsApp Has Shared Your Data With Facebook for Years

A pop-up notification has alerted the messaging app's users to a practice that's been in place since 2016...

CVE-2020-15257

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting...