7 matches found
CVE-2005-2285
CVE-2005-2285 concerns WebEOC prior to version 6.0.2, where sensitive information was stored in insecure locations such as URIs, web pages, and configuration files. This could allow remote attackers to obtain credentials and other sensitive data (e.g., usernames, passwords, emergency and medical ...
CVE-2005-2282
WebEOC (before 6.0.2) contains multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary script/HTML via unknown vectors. The issue is addressed in version 6.0.2, which adds validation checks to vulnerable input fields. The CVE references come from multip...
CVE-2005-2284
WebEOC prior to version 6.0.2 contains multiple SQL injection vulnerabilities that allow remote attackers to modify SQL statements, potentially viewing or modifying data or issuing database commands. Affected component is the WebEOC web application; the underlying issue is improper input filterin...
CVE-2005-2286
CVE-2005-2286 affects WebEOC prior to 6.0.2. The issue is improper authorization checks, allowing remote attackers to gain privileges by directly requesting a resource. Public sources in the connected documents confirm that privileges/authorizations are tied to client-side resources and that dire...
CVE-2005-2283
WebEOC before 6.0.2 does not properly restrict uploaded file sizes, allowing authenticated users to cause a denial of service through large uploads. Affected product: WebEOC (before 6.0.2); vulnerability affects the upload handling that stores file data in the database, consuming system/database ...
CVE-2005-4002
CVE-2005-4002 affects WebEOC prior to 6.0.2. The vulnerability arises because the same secret key is used across all installations, enabling anyone with the key to decrypt data from any WebEOC deployment. The available documents do not specify a fixed root cause mechanism beyond the shared-key is...
CVE-2005-4029
WebEOC (pre-6.0.2) is affected by CVE-2005-4029. The issue allows remote attackers to read valid usernames from the HTML source on the WebEOC login page, which could enable further attacks such as brute-forcing to lock out legitimate users. The connected Red Hat and CVE records confirm the same v...