"MedPack" Updates

MedPack 1.8

- OpenEMR versions 4.2.0 and 4.2.0 patch 1 - SQL Injection Vulnerability. [0day]
- SIMACLE HOSPITAL SOFTWARE 7.0 Arbitrary File Download. [0day]


MedPack 1.7

- Iocomp Software ActiveX Control Remote Code Execution Vulnerability. 0-day
- MedITEX Scheduler FirebirdSQL Server Remote Unauthenticated Denial Of Service. CVE-2013-2492


MedPack 1.6

- MediTEX MaSter by DIOS GmbH ActiveX 0-Day Remote Arbitrary File Replace. 0-day
- MediTEX IVF FirebirdSQL Server Remote Unauthenticated Denial Of Service.


MedPack 1.5

- LEADTOOLS Medical ActiveX BrowseDir() Remote Overflow. CVE-2007-2787
- Gerenciador Clinico Odontologico Smile Odonto Arbitrary File Upload Exploit. [0Day]


MedPack 1.4

- Clinic Pro Medical Software ActiveX Buffer Overflow. [0day]
- EncounterPRO-OS <= v.6.1.1 - DLL Hijacking. [0day]
- Clinic Office command exec. Creates trojan in Startup Windows. [0day]


MedPack 1.3

March 15, 2015

- Fluke Biomedical Ansur TList7.ocx ActiveX Control Remote Code Execution [0-day]
- MaxSystems Inc MaxRegLib2 ctToolBar.ocx ActiveX Remote Arbitrary File Deletion [0-day]


MedPack 1.2

December 24, 2014

- Duerr Dental FirebirdSQL Server Remote Unauthenticated Denial Of Service
- Duerr Dental Tyscor Pulse DoS PoC 0-Day
- MaxSystems Inc MaxRegLib2 ctListBar.ocx ActiveX Control Remote Code Execution Vulnerability 0-day


MedPack 1.1

November 16, 2014

- Community Health Information Tracking System (CHITS) <= v.1.4 - Reveals sensitive info. 0day
- Hospital Health Information Management System (hhims) - Blind SQL Injection. 0day
- OpenMedis <= v.1.31 - SQL Injection. 0day

NOTE: Most of the files from the 1.0 release have been improved and updated. Some names were changed!


MedPack 1.0

September 1, 2014
First beta release of Gleg's MedPack exploit package, containing 30 modules.

- Panacea THIRRA (EHR) <= v.1.0.0a Build 251 - Blind SQL Injection
- AxiFirebird Remote Denial Of Service Exploit
- Community Health Information Tracking System (CHITS) <= v.1.4 - SQL injection. 0day
- DentalEye Remote Arbitrary File Overwrite
- Another DentalEye Remote Arbitrary File Overwrite
- District Health Information Software 2 (DHIS2) - BruteForce. 0day
- EBMPICO <= 2013-08-22 - reveals sensitive info. 0day
- FreeMED <= v.0.8.4 - SQL Injection. 0day
- Freemed-YiRC <= v.1.20 - File Upload. 0day
- Hospital Health Information Management System (hhims) - SQL Injection. 0day
- Human Resource Information System (HRIS) <= v3 - BruteForce. 0day
- iMedDoc Medical Software SQL backup download. 0-day
- IPath <= v2.1 - BruteForce. 0day
- Lytec 2014 medical billing Remote Arbitrary File Overwrite. 0day
- Lytec 2008 Claims Manager Remote Arbitrary File Overwrite. 0day
- MediSoft Claim Management Remote Arbitrary File Overwrite. 0day
- MedWebTux <= v.2.15.000 - reveals sensitive info. 0day
- Professional Dental Information System Server Denial Of Service Vulnerability. 0day
- myCare2x CMS - File Upload. 0day
- NOSH (Electronic Medical Record) ChartingSystem <= v.1.8.1 - Blind SQL Injection. 0day
- OpenEMR <= v.4.1.2 - SQL Injection. 0day
- OpenClinic GA <= v.4.16.25 - SQL Injection. 0day
- OpenEMR <= v4.1.2 - BruteForce. 0day
- OpenEMR <= v.4.1.2 - reveals sensitive info. 0day
- OpenMedis <= v.1.31 - reveals sensitive info. 0day
- OpenMedis <= v.1.31 - Blind SQL Injection. 0day
- OpenMedis phpinfo reveals sensitive info. 0day
- Oreste-vet <= v.0.1.0 - BruteForce. 0day
- Oreste-vet <= v.0.1.0 - File Upload. 0day
- Oreste-vet <= v.0.1.0 - SQL Injection. 0day