Difference between revisions of "Security Alert Fixes"

From OpenEMR Project Wiki
Line 6: Line 6:
::*Fixed in most recent 4.0.0 patch and dev version
::*Fixed in most recent 4.0.0 patch and dev version
:*[http://packetstorm.unixteacher.org/1104-exploits/OpenEMR4.0.0-xss.txt Reflected Cross-site Scripting]
:*[http://packetstorm.unixteacher.org/1104-exploits/OpenEMR4.0.0-xss.txt Reflected Cross-site Scripting]
::*'''(waiting for a developer to fix)'''
::*This link is dead [[User:Bradymiller|Bradymiller]] 20:04, 30 November 2012 (UTC)
:*Security exploit: (Multiple cross-site scripting)
:*Security exploit: (Multiple cross-site scripting)
::*http://packetstormsecurity.org/files/103810
::*http://packetstormsecurity.org/files/103810

Revision as of 20:04, 30 November 2012

Place to record and track OpenEMR security alerts and their fixes:

  • This page is outdated. Awaiting a developer to update/track this. Bradymiller 19:34, 30 November 2012 (UTC)
  • Fixed in most recent 4.0.0 patch and dev version
  • Fixed in most recent 4.0.0 patch and dev version
  • This link is dead Bradymiller 20:04, 30 November 2012 (UTC)
  • Security exploit: (Multiple cross-site scripting)
  • Security exploit: (Multiple sql-injection)
  • Security exploit: (One sql-injection)
  • Security exploit: (One sql-injection)
  • Security exploit: (Multiple Local File Inclusion and arbitrary command execution vulnerabilities)