NVD

CVE-2018-8340

NVD Vulnerabilities - Wed, 08/15/2018 - 13:29
A security feature bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication requests, aka "AD FS Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows Server 2012 R2, Windows 10 Servers.
Categories: NVD

CVE-2018-15154

NVD Vulnerabilities - Wed, 08/15/2018 - 13:29
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/billing/sl_eob_search.php after modifying the "print_command" global variable in interface/super/edit_globals.php.

CVE-2018-15155

NVD Vulnerabilities - Wed, 08/15/2018 - 13:29
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/fax_dispatch.php after modifying the "hylafax_enscript" global variable in interface/super/edit_globals.php.

CVE-2018-15156

NVD Vulnerabilities - Wed, 08/15/2018 - 13:29
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/faxq.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php.

CVE-2018-15172

NVD Vulnerabilities - Wed, 08/15/2018 - 13:29
TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header.

CVE-2018-8200

NVD Vulnerabilities - Wed, 08/15/2018 - 13:29
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8204.

CVE-2018-8204

NVD Vulnerabilities - Wed, 08/15/2018 - 13:29
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8200.

CVE-2018-15147

NVD Vulnerabilities - Wed, 08/15/2018 - 13:29
SQL injection vulnerability in interface/forms_admin/forms_admin.php from library/registry.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'id' parameter.

CVE-2018-15148

NVD Vulnerabilities - Wed, 08/15/2018 - 13:29
SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'text' parameter.

CVE-2018-15149

NVD Vulnerabilities - Wed, 08/15/2018 - 13:29
SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'encounter' parameter.

CVE-2018-15150

NVD Vulnerabilities - Wed, 08/15/2018 - 13:29
SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'temporary_files_dir' variable in interface/super/edit_globals.php.

CVE-2018-15151

NVD Vulnerabilities - Wed, 08/15/2018 - 13:29
SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter.

CVE-2018-15152

NVD Vulnerabilities - Wed, 08/15/2018 - 13:29
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient.

CVE-2018-15153

NVD Vulnerabilities - Wed, 08/15/2018 - 13:29
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php.

CVE-2018-0952

NVD Vulnerabilities - Wed, 08/15/2018 - 13:29
An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers.

CVE-2018-10369

NVD Vulnerabilities - Wed, 08/15/2018 - 13:29
A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login.

CVE-2018-10917

NVD Vulnerabilities - Wed, 08/15/2018 - 13:29
pulp 2.16.x and possibly older is vulnerable to improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to the overwriting of published content on other iso repositories.

CVE-2018-11687

NVD Vulnerabilities - Wed, 08/15/2018 - 13:29
An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital assets by providing a large address[] array, as exploited in the wild in May 2018, aka the "ownerUnderflow" issue.

CVE-2018-12056

NVD Vulnerabilities - Wed, 08/15/2018 - 13:29
The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards.

CVE-2018-15138

NVD Vulnerabilities - Wed, 08/15/2018 - 13:29
Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs.