VYPR

Pacs Server

by Sante

CVEs (24)

  • CVE-2018-25113HigJul 23, 2025
    risk 0.65cvss epss 0.01

    An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the…

  • CVE-2020-37009HigJan 29, 2026
    risk 0.57cvss 8.8epss 0.01

    MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system…

  • CVE-2025-2265HigMar 13, 2025
    risk 0.51cvss 7.8epss 0.00

    The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte

  • CVE-2025-14501HigDec 23, 2025
    risk 0.49cvss 7.5epss 0.01

    Sante PACS Server HTTP Content-Length Header Handling NULL Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to…

  • CVE-2025-2284HigMar 13, 2025
    risk 0.49cvss 7.5epss 0.06

    A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe".

  • CVE-2025-2264Mar 13, 2025
    risk 0.08cvss epss 0.39

    A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.

  • CVE-2022-2272Aug 3, 2022
    risk 0.02cvss epss 0.02

    This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the login endpoint. When parsing the…

  • CVE-2025-54759Aug 18, 2025
    risk 0.00cvss epss 0.00

    Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.

  • CVE-2025-54862Aug 18, 2025
    risk 0.00cvss epss 0.00

    Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.

  • CVE-2025-53948Aug 18, 2025
    risk 0.00cvss epss 0.01

    The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required.

  • CVE-2025-3481May 22, 2025
    risk 0.00cvss epss 0.01

    MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this…

  • CVE-2025-3482May 22, 2025
    risk 0.00cvss epss 0.01

    MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this…

  • CVE-2025-3483May 22, 2025
    risk 0.00cvss epss 0.01

    MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this…

  • CVE-2025-3484May 22, 2025
    risk 0.00cvss epss 0.01

    MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this…

  • CVE-2025-2263Mar 13, 2025
    risk 0.00cvss epss 0.01

    During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long…

  • CVE-2025-0574Jan 30, 2025
    risk 0.00cvss epss 0.01

    Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The…

  • CVE-2025-0572Jan 30, 2025
    risk 0.00cvss epss 0.02

    Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability. …

  • CVE-2025-0573Jan 30, 2025
    risk 0.00cvss epss 0.02

    Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The…

  • CVE-2025-0569Jan 30, 2025
    risk 0.00cvss epss 0.01

    Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. …

  • CVE-2025-0571Jan 30, 2025
    risk 0.00cvss epss 0.01

    Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is required to exploit this…

Page 1 of 2