0dd - The Zero (0) Day Division

The Zero (0) Day Division is a group of security professionals working towards a common goal: securing open-source projects.

LH-EHR Authenticated Unrestricted File Write in letter.php - (2)

The Issue

Unrestricted file write vulnerabilities allow attackers to write files, such as PHP files, to locations where the web server user has write access. This may allow an attacker to write files with malicious content and may lead to remote code execution.

An attacker must be authenticated to perform this attack.

Yes, this is another instance of the same bug.


LH-EHR Authenticated Unrestricted File Deletion

The Issue

Unrestricted file deletion vulnerabilities are caused by overly trusting a user’s input and allowing the user to manipulate the path of the file to be deleted. This may allow an attacker to create a denial of service scenario.

An attacker must be authenticated to perform this attack.


Eclipse RDF4J XXE

The Issue

An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.

RDF4J contains functionality to parse RDF files. These files are in XML format. 0dd identified that the parser used within the program was not securely configured.


LH-EHR Authenticated Local File Disclosure

The Issue

Local file disclosure is a vulnerability which allows an attacker to disclose the contents of files on the server. An attacker can use this vulnerability to disclose the contents of sensitive files like /etc/passwd, config files, etc.

In LH-EHR, an attacker must be authenticated to perform this attack. If the attacker knows the path to a file and the web server user has sufficient access to read it, the contents of the file will be echoed in the page.


YesWiki PHP Object Injection

The Issue

PHP Object Deserialization Injection attacks abuse the unserialize function within PHP. Deserialising a PHP object can trigger certain methods within the object, allowing the attacker to perform unauthorised actions such as execution of code, disclosure of information, etc.

The YesWiki project overly trusted user input when processing the data obtained from a form.
