Vulnerabilities > Rainbowfishsoftware

DATE CVE VULNERABILITY TITLE RISK
2021-02-03 CVE-2020-29166 Path Traversal vulnerability in Rainbowfishsoftware Pacsone Server
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure.
network
low complexity
rainbowfishsoftware CWE-22
7.5
7.5
2021-02-03 CVE-2020-29165 Missing Authentication for Critical Function vulnerability in Rainbowfishsoftware Pacsone Server
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges.
network
low complexity
rainbowfishsoftware CWE-306
critical
 9.8
9.8
2021-02-03 CVE-2020-29164 Cross-site Scripting vulnerability in Rainbowfishsoftware Pacsone Server
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).
network
low complexity
rainbowfishsoftware CWE-79
6.1
6.1
2021-02-03 CVE-2020-29163 SQL Injection vulnerability in Rainbowfishsoftware Pacsone Server
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection.
network
low complexity
rainbowfishsoftware CWE-89
8.8
8.8
2020-09-30 CVE-2020-12870 SQL Injection vulnerability in Rainbowfishsoftware Pacsone Server 6.8.4
RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page.
network
low complexity
rainbowfishsoftware CWE-89
critical
 9.8
9.8
2020-09-30 CVE-2020-12869 Cross-site Scripting vulnerability in Rainbowfishsoftware Pacsone Server 6.8.4
RainbowFish PacsOne Server 6.8.4 allows XSS.
network
low complexity
rainbowfishsoftware CWE-79
5.4
5.4
2020-09-30 CVE-2020-12715 Unrestricted Upload of File with Dangerous Type vulnerability in Rainbowfishsoftware Pacsone Server 6.8.4
RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control.
network
low complexity
rainbowfishsoftware CWE-434
8.8
8.8