Lucene search
K
Esi ProductsWebeoc

7 matches found

CVE
CVE
added 2005/07/17 4:0 a.m.55 views

CVE-2005-2285

CVE-2005-2285 concerns WebEOC prior to version 6.0.2, where sensitive information was stored in insecure locations such as URIs, web pages, and configuration files. This could allow remote attackers to obtain credentials and other sensitive data (e.g., usernames, passwords, emergency and medical ...

5CVSS6.3AI score0.01302EPSS
CVE
CVE
added 2005/07/17 4:0 a.m.50 views

CVE-2005-2282

WebEOC (before 6.0.2) contains multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary script/HTML via unknown vectors. The issue is addressed in version 6.0.2, which adds validation checks to vulnerable input fields. The CVE references come from multip...

4.3CVSS5.8AI score0.01008EPSS
CVE
CVE
added 2005/07/17 4:0 a.m.48 views

CVE-2005-2284

WebEOC prior to version 6.0.2 contains multiple SQL injection vulnerabilities that allow remote attackers to modify SQL statements, potentially viewing or modifying data or issuing database commands. Affected component is the WebEOC web application; the underlying issue is improper input filterin...

7.5CVSS7.8AI score0.01225EPSS
CVE
CVE
added 2005/07/17 4:0 a.m.47 views

CVE-2005-2286

CVE-2005-2286 affects WebEOC prior to 6.0.2. The issue is improper authorization checks, allowing remote attackers to gain privileges by directly requesting a resource. Public sources in the connected documents confirm that privileges/authorizations are tied to client-side resources and that dire...

10CVSS6.9AI score0.02191EPSS
CVE
CVE
added 2005/07/17 4:0 a.m.46 views

CVE-2005-2283

WebEOC before 6.0.2 does not properly restrict uploaded file sizes, allowing authenticated users to cause a denial of service through large uploads. Affected product: WebEOC (before 6.0.2); vulnerability affects the upload handling that stores file data in the database, consuming system/database ...

2.1CVSS6.2AI score0.0048EPSS
CVE
CVE
added 2005/12/05 12:0 a.m.41 views

CVE-2005-4002

CVE-2005-4002 affects WebEOC prior to 6.0.2. The vulnerability arises because the same secret key is used across all installations, enabling anyone with the key to decrypt data from any WebEOC deployment. The available documents do not specify a fixed root cause mechanism beyond the shared-key is...

4CVSS6.9AI score0.00982EPSS
CVE
CVE
added 2005/12/05 11:0 a.m.39 views

CVE-2005-4029

WebEOC (pre-6.0.2) is affected by CVE-2005-4029. The issue allows remote attackers to read valid usernames from the HTML source on the WebEOC login page, which could enable further attacks such as brute-forcing to lock out legitimate users. The connected Red Hat and CVE records confirm the same v...

5CVSS6.8AI score0.01345EPSS