MedPack Exploitation Pack for CANVAS. Due to the product continuous update in nature, so we prepare this post for those who interest to know what is include inside. Latest update will be show on the top, while older update will be auto show below. This post will keep update and the post date will follow the latest date, so it will show one post date, rather than multiple post for hassle free reading in one post. This post is about CANVAS Exploitation Pack (CEP) MedPack, it need to be use with CANVAS Exploitation Testing Framework. MedPack Exploitation Pack for CANVAS is a must for those conduct exploitation testing and security assessment on “Healthcare industry and sector”, require to perform vulnerability assessment and exploitation testing on most medical software, include medical care and dental accounting software. Feel free to contact E-SPIN for product and related matters.
MedPack Exploitation Pack for CANVAS Product Overview
The MedPack is an attempt to collect most medical software vulnerabilities in a one exploit Pack. GLEG covers the software that is widely used in Medical Care and Dental accounting. This Pack could be of interest for security specialists working in this particular field.
The “MedPack” features:
- Most of vulns are 0days discovered by GLEG.
- Growing value – Due to low real systems patch rank
- GLEG try to cover most of the public Medical vulnerabilities! Including old and newly discovered bugs
- 0 Days exploits for Medical software vulnerabilities. GLEG conduct own in depth research!
- Weak points analyses. Some systems suffer from weaknesses like hardcoded passwords and etc.
2021-Dec-10 MedPack 1.43 :
– DBI Technologies Studio Controls for COM Remote Code Execution Vulnerability [1day]
– OpenEMR < 5.0.1 (Path 4) SQL Injection [1 day]
2021-Aug-4 MedPack 1.42
– LEADTOOLS Multimedia Toolkit 17.5 Arbitrary File Overwrite Vulnerability 1 Day
2021-Jun-10 MedPack 1.41:
– MedDream PACS Server 7.1.1 – Multiple SQL Injection 1 Day
2021-Apr-5 MedPack 1.40:
– http://DicomObjects.COM C++ unsafeActiveX method Vulnerability. 1 Day
– MediSoft Network Professional Remote Arbitrary File Overwrite. 1 Day
2021-Jan-30 MedPack 1.39:
– MedDream PACS Server 7.1.1 Persistent Cross-Site Scripting. 1 Day
– LibreHealth 2.0.0 Remote Code Execution via unsafe activex. 1 Day
2020-Dec-04 MedPack 1.38:
– Conquest DICOM Server software 1.5.0 Denial of Service. 1 Day
– Lukefluke Fitness Manager Database Denial of service. 1 Day
2020-Oct-05 MedPack 1.37:
– CharruaPACS CS011 PACS Server Directory Traversal Vulnerability.1 Day
2020-Jul-30 MedPack 1.36:
– DICOM Worklist Server Directory Traversal Vulnerability. 1 Day
2020-Jun-02 MedPack 1.35:
ViscomSoft Image Viewer SDK ActiveX Remote File Create Vulnerability. 1 Day
2020-Feb-29 MedPack 1.34:
– ezDICOM ActiveX Control Remote File Overwrite Vulnerability 2nd.
2019-Dec-31 MedPack 1.33:
– ezDICOM ActiveX viewer Remote File Overwrite Vulnerability. 1Day
2019-Nov-1 1.32 Medpack:
– DICOM3 Medical Imaging Solution ActiveX Remote Code Execution Vulnerability. 1Day
2019-Sep-1 1.31 ver. of MedPack contains 1 module. List:
– Dicoogle Picture Archiving and Communications System Directory Traversal. [1Day]
2019-Jul-24 1.30 ver. of MedPack contains 1 module. List:
2019-May-21 1.29 ver. of MedPack contains 2 module. List:
2019-Apr-16 1.28 ver. of MedPack contains 1 module. List:
2019-Jul-07 1.27 ver. of MedPack contains 2 module. List:
2018-Oct-26 1.26 ver. of MedPack contains 3 module. List:
2018-Aug-27 1.25 ver. of MedPack contains 1 module. List:
2018-Jun-26 1.24 ver. of MedPack contains 2 modules. List:
2018-May-2 1.23 ver. of MedPack contains 2 [0-day]`s. List:
2018-Mar-30 1.22 ver. of MedPack contains 2 [0-day]`s. List:
2018-Jan-29 1.21 ver. of MedPack contains 3 [0-day]`s. List:
2017-Nov-28 1.20 ver. of MedPack contains 3 [0-day]`s. List:
2017-Sep-26 1.19 ver. of MedPack contains 2 [0-day]`s. List:
2017-Aug-1 1.18 ver. of MedPack contains 2 [0-day]`s. List:
2017-May-25 1.18 ver. of MedPack contains 2 [0-day]`s. List:
2017-Mar-27 1.16 ver. of MedPack contains 2 modules. List:
2017-Jan-30 1.15 MedPack contains 2 modules. List:
2016-Dec-6 MedPack 1.14
2016-Sep-26 MedPack 1.13
2016-Aug-31 1.12 version contains 2 0-day modules. List:
2016-Aug-8 1.11 version contains 2 0-day modules. List:
2016-Jun-23 1.10 version contains two 0-day modules. List:
2016-Apr-30 MedPack 1.9 list:
– Medtronic Valleylab Software DoS 0-Day.
– Simacle hospital Blind SQL injection Vulnerability
2016-Mar-21 1.8 MedPack:
– OpenEMR versions 4.2.0 and 4.2.0 patch 1 – SQL Injection Vulnerability. [0day]
– SIMACLE HOSPITAL SOFTWARE 7.0 Arbitrary File Download. [0day]