Santesoft

Sante Pacs Server

18 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-54759

  • EPSS 0.04%
  • Veröffentlicht 18.08.2025 21:26:10
  • Zuletzt bearbeitet 17.10.2025 17:02:47

Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.

5.4

CVE-2025-54862

  • EPSS 0.04%
  • Veröffentlicht 18.08.2025 21:23:42
  • Zuletzt bearbeitet 17.10.2025 17:01:15

Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.

7.5

CVE-2025-54156

  • EPSS 0.02%
  • Veröffentlicht 18.08.2025 21:21:38
  • Zuletzt bearbeitet 17.10.2025 17:28:02

The Sante PACS Server Web Portal sends credential information without encryption.

8.7

CVE-2025-53948

  • EPSS 0.59%
  • Veröffentlicht 18.08.2025 21:16:03
  • Zuletzt bearbeitet 17.10.2025 17:42:51

The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required.

7.5

CVE-2025-2284

  • EPSS 0.39%
  • Veröffentlicht 13.03.2025 17:15:39
  • Zuletzt bearbeitet 13.03.2025 17:15:39

A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe".

7.8

CVE-2025-2265

  • EPSS 0.03%
  • Veröffentlicht 13.03.2025 17:15:38
  • Zuletzt bearbeitet 13.03.2025 17:15:38

The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the h...

7.5

CVE-2025-2264

Exploit
  • EPSS 71.52%
  • Veröffentlicht 13.03.2025 17:15:38
  • Zuletzt bearbeitet 03.04.2025 18:19:34

A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.

9.8

CVE-2025-2263

Exploit
  • EPSS 1.54%
  • Veröffentlicht 13.03.2025 17:15:38
  • Zuletzt bearbeitet 03.04.2025 18:20:38

During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer ov...

7.5

CVE-2025-0574

  • EPSS 1.22%
  • Veröffentlicht 30.01.2025 21:15:14
  • Zuletzt bearbeitet 19.02.2025 19:15:33

Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit...

5.3

CVE-2025-0573

  • EPSS 5.57%
  • Veröffentlicht 30.01.2025 21:15:14
  • Zuletzt bearbeitet 19.02.2025 19:26:10

Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is not required to exploit ...