This Metasploit module exploits an unauthenticated directory traversal vulnerability in the Dicoogle PACS Web Server v2.5.0 and possibly earlier, allowing an attacker to read arbitrary files with the web server privileges. While the application is java based, the directory traversal was only successful against Windows targets.
8f2ecf1201b59abdcaedb189bb29a75443dfe162b8acf3116d81747473b35059
LabCollector version 5.423 suffers from a remote SQL injection vulnerability.
558fde6b07b8217645cc076150f4f18c222b86843803f426bb147f12bc747049
C4G Basic Laboratory Information System (BLIS) version 3.4 suffers from a remote SQL injection vulnerability.
105a483e409804b0fff0748e498f8c46b68c513d439a743dd34f7fe6876f970f
Care2x (HIS) Hospital Information System version 2.7 suffers from multiple remote SQL injection vulnerabilities.
7fc5fdbcf20a9682fd649b4d323eef6cafd150b6aeb1e0ea568f52f70cce40de
LibreHealth version 2.0.0 suffers from arbitrary file read, file delete, and local file inclusion vulnerabilities.
5dbfd7536170cce270dbed21e88a4fc1be6488c248afcb812f737145f462a588
Softneta MedDream PACS Server Premium version 6.7.1.1 suffers from a directory traversal vulnerability.
194ac197adc1113681f2469fa338d08273a5ee040d21692b985a3a36c07de39d
MedDream PACS Server Premium version 6.7.1.1 suffers from a remote SQL injection vulnerability.
d808855c26366de2a644f78799999dc698975c07b3a41b5939697b9c5448dea5
Dicoogle PACS version 2.5.0 suffers from a directory traversal vulnerability.
7fd55fe723ff132f7fd29570edbc2c78e4c7ef52eb41442b183ce26f74c8a23f
PACSOne Server version 6.6.2 DICOM Web Viewer suffers from a directory traversal vulnerability.
8d5c8c155ad89a7a3044e6f849518130dbd7b096229f94fb11378d78060247cb
PACSOne Server version 6.6.2 DICOM Web Viewer suffers from a remote SQL injection vulnerability.
77e4372120a491026617430c318387596bd299311ac58c8535102f7e06d9757f