Webeoc
by Esi Products
CVEs (7)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2005-4029 | 0.00 | — | 0.01 | Dec 5, 2005 | WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could be useful in other attacks such as locking out valid users via brute force methods. | ||
| CVE-2005-4002 | 0.00 | — | 0.00 | Dec 5, 2005 | WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation. | ||
| CVE-2005-2285 | 0.00 | — | 0.00 | Jul 18, 2005 | WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remote attackers to obtain information such as Usernames, Passwords, Emergency information, medical information, and system configuration. | ||
| CVE-2005-2283 | 0.00 | — | 0.00 | Jul 18, 2005 | WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service (system and database resource consumption) via a large file. | ||
| CVE-2005-2286 | 0.00 | — | 0.01 | Jul 18, 2005 | WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource. | ||
| CVE-2005-2284 | 0.00 | — | 0.00 | Jul 18, 2005 | Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors. | ||
| CVE-2005-2282 | 0.00 | — | 0.01 | Jul 18, 2005 | Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before 6.0.2 allow remote attackers to inject arbitrary web script and HTML via unknown vectors. |
- CVE-2005-4029Dec 5, 2005risk 0.00cvss —epss 0.01
WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could be useful in other attacks such as locking out valid users via brute force methods.
- CVE-2005-4002Dec 5, 2005risk 0.00cvss —epss 0.00
WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation.
- CVE-2005-2285Jul 18, 2005risk 0.00cvss —epss 0.00
WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remote attackers to obtain information such as Usernames, Passwords, Emergency information, medical information, and system configuration.
- CVE-2005-2283Jul 18, 2005risk 0.00cvss —epss 0.00
WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service (system and database resource consumption) via a large file.
- CVE-2005-2286Jul 18, 2005risk 0.00cvss —epss 0.01
WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource.
- CVE-2005-2284Jul 18, 2005risk 0.00cvss —epss 0.00
Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors.
- CVE-2005-2282Jul 18, 2005risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before 6.0.2 allow remote attackers to inject arbitrary web script and HTML via unknown vectors.