what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

OpenEMR 5.0.0 Command Injection / Cross Site Scripting
Posted Dec 4, 2017
Authored by Fikri Fadzil, Wan Ikram, Jasveer Singh | Site sec-consult.com

OpenEMR version 5.0.0 suffers from code execution and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss
MD5 | ae3d7e59300638cb1a92e34e6480a979

Related Files

OpenEMR 6.0.0 / 6.1.0-dev SQL Injection
Posted Dec 15, 2021
Authored by Stefan Pietsch | Site trovent.io

OpenEMR versions 6.0.0 and 6.1.0-dev suffer from an authenticated remote SQL injection vulnerability in the calendar search functionality.

tags | exploit, remote, sql injection
advisories | CVE-2021-41843
MD5 | b7a13a30aeb775263a8474635eae347a
OpenEMR 6.0.0 Insecure Direct Object Reference
Posted Sep 1, 2021
Authored by Allen Enosh Upputori

OpenEMR version 6.0.0 suffers from an insecure direct object reference vulnerability.

tags | exploit
advisories | CVE-2021-40352
MD5 | cfdad061a5f147865a0eb5338656760f
OpenEMR 5.0.1.3 Shell Upload
Posted Jul 13, 2021
Authored by Alexandre Zanni

OpenEMR version 5.0.1.3 authenticated remote shell upload exploit that leverages a vulnerability discovered in 2018.

tags | exploit, remote, shell
advisories | CVE-2018-15139
MD5 | 42dde552844a71d54aa98a08c105ae9f
OpenEMR 5.0.1.7 Path Traversal
Posted Jul 5, 2021
Authored by Alexandre Zanni

OpenEMR version 5.0.17 path traversal exploit.

tags | exploit, file inclusion
advisories | CVE-2019-14530
MD5 | a7622ae19ddf3cafa635248b9528fd2c
OpenEMR 5.0.1.7 Path Traversal
Posted Jun 18, 2021
Authored by Ron Jost

OpenEMR version 5.0.1.7 suffers from a path traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2019-14530
MD5 | 9b189b539433dd288cb8f97ef2d49d86
OpenEMR 5.0.1.3 Authentication Bypass
Posted Jun 17, 2021
Authored by Ron Jost

OpenEMR version 5.0.1.3 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-15152
MD5 | 0bfdd861dc16d07c1e19d41f3214b08b
OpenEMR 5.0.1.3 Shell Upload
Posted Jun 14, 2021
Authored by Ron Jost

OpenEMR version 5.0.1.3 authenticated remote shell upload exploit.

tags | exploit, remote, shell
advisories | CVE-2018-15139
MD5 | 7700613258c55d87cc8689ab8d49b6f7
OpenEMR 5.0.0 Remote Shell Upload
Posted Jun 11, 2021
Authored by Ron Jost

OpenEMR version 5.0.0 authenticated remote shell upload exploit.

tags | exploit, remote, shell
advisories | CVE-2017-9380
MD5 | 12e2029d683e77944af7d9e8015af08d
OpenEMR 5.0.2.1 Remote Code Execution
Posted Apr 21, 2021
Authored by Hato0, BvThTrd

OpenEMR version 5.0.2.1 remote code execution exploit that drops in a reverse shell.

tags | exploit, remote, shell, code execution
MD5 | c677d36ae087cc222fd18886522e7400
OpenEMR 4.1.0 SQL Injection
Posted Apr 5, 2021
Authored by Michael Ikua

OpenEMR version 4.1.0 remote SQL Injection exploit.

tags | exploit, remote, sql injection
MD5 | 14553fa83810666e04f61e897a4946f0
OpenEMR 5.0.1 Remote Code Execution
Posted Aug 3, 2020
Authored by Alexandre Zanni | Site github.com

OpenEMR versions 5.0.1 and below authenticated remote code execution exploit written in ruby.

tags | exploit, remote, code execution, ruby
MD5 | 0c4b5a66f0b188dd68ac3a5de13961d4
OpenEMR 5.0.1 Remote Code Execution
Posted Jun 28, 2020
Authored by Emre OVUNC

OpenEMR version 5.0.1 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 23ed8b760daddea91e76635e26b35ede
OpenEMR Remote Code Execution
Posted May 26, 2020
Authored by Musyoka Ian

OpenEMR versions prior to 5.0.1 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 87a864957a5dc630242ec3e29a88bed1
OpenEMR 5.0.1.3 File Read / Write / Delete
Posted Aug 16, 2018
Authored by Joshua Fam

OpenEMR version 5.0.1.3 suffers from arbitrary file read, write, and delete vulnerabilities.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2018-15140, CVE-2018-15141, CVE-2018-15142
MD5 | 8c5ed52e9a7bf67bc17c83f353a1e80f
OpenEMR 5.0.1.3 Remote Code Execution
Posted Aug 7, 2018
Authored by Cody Zacharias

OpenEMR version 5.0.1.3 remote code execution exploit.

tags | exploit, remote, code execution
MD5 | 214119ee9c04f9480c280b81d78d0e9d
OpenEMR 4.2.0 Authentication Bypass
Posted Jun 19, 2015
Authored by Brian D. Hysell

OpenEMR versions 4.2.0 and 4.2.0 patch 1 suffer from an authentication bypass vulnerability.

tags | advisory, bypass
advisories | CVE-2015-4453
MD5 | b1ce5eba069c8568b01d087def397c4c
openEMR 4.2.0 Cross Site Scripting / SQL Injection
Posted Mar 24, 2015
Authored by Steffen Roesemann

openEMR version 4.2.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 318c9532d067f3ca1c949cdff838e70a
OpenEMR 4.1.2(7) SQL Injection
Posted Dec 5, 2014
Authored by Jerzy Kramarz | Site portcullis-security.com

OpenEMR versions 4.1.2(7) and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2014-5462
MD5 | f5a1a6caaa8d8207f92143b2089aedf7
OpenEMR 4.1.1 Patch 14 SQLi Privilege Escalation Remote Code Execution
Posted Sep 20, 2013
Authored by xistence | Site metasploit.com

This Metasploit module exploits a vulnerability found in OpenEMR version 4.1.1 Patch 14 and lower. When logging in as any non-admin user it's possible to retrieve the admin SHA1 password hash from the database through SQL injection. The SQL injection vulnerability exists in the "new_comprehensive_save.php" page. This hash can be used to log in as the admin user. After logging in, the "manage_site_files.php" page will be used to upload arbitrary code.

tags | exploit, arbitrary, php, sql injection
MD5 | 35fc05e9cd467ed94aa6be2b04ec3c52
OpenEMR 4.1.1 Patch 14 SQL Injection / Shell Upload
Posted Sep 17, 2013
Authored by xistence

OpenEMR version 4.1.1 Patch 14 suffers from remote shell upload and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
MD5 | fc85bb950ca8fefa1757abd901f0ab41
OpenEMR 4.1.1 patch-12 Cross Site Scripting / SQL Injection
Posted Jul 14, 2013
Authored by Nate Drier | Site trustwave.com

OpenEMR versions 4.1.1 patch-12 and below suffer from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2013-4619, CVE-2013-4620
MD5 | fc87446e60ffe507fc1064a5a41b99c6
OpenEMR 4.1.1 Cross Site Scripting
Posted Feb 21, 2013
Authored by LiquidWorm | Site zeroscience.mk

OpenEMR version 4.1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 0fbde4d31377b7430b3c3cf63f25b72a
OpenEMR PHP File Upload
Posted Feb 20, 2013
Authored by LiquidWorm, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in OpenEMR 4.1.1. By abusing the ofc_upload_image.php file from the openflashchart library, a malicious user can upload a file to the tmp-upload-images directory without any authentication, which results in arbitrary code execution. The module has been tested successfully on OpenEMR 4.1.1 over Ubuntu 10.04.

tags | exploit, arbitrary, php, code execution
systems | linux, ubuntu
advisories | OSVDB-90222
MD5 | c7b131604319426cce134fab1a42a85f
OpenEMR 4.1.1 Shell Upload
Posted Feb 13, 2013
Authored by LiquidWorm | Site zeroscience.mk

OpenEMR version 4.1.1 suffers from an arbitrary file upload vulnerability in ofc_upload_image.php. Included is an exploit that triggers a reverse shell.

tags | exploit, arbitrary, shell, php, file upload
MD5 | 8cdeee15077a4e302c0d3ab4d82ca80a
OpenEMR 4.1.0 Local File Inclusion / Command Execution
Posted Feb 2, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

OpenEMR version 4.1.0 suffers from local file inclusion and arbitrary command execution vulnerabilities.

tags | exploit, arbitrary, local, vulnerability, file inclusion
MD5 | 8e52a944abfc1d0fef5c1ff42017775c
Page 1 of 4
Back1234Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close