A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.

NextGen Healthcare

Ranked #1 EHR and PM by Black Book Research

The Electronic Health Records and Practice Management (PM) by NextGen Healthcare were top ranked by independent healthcare analyst firm Black Book Research for the sixth consecutive year. NextGen Healthcare was ranked #1 EHR in 6–10, 11–25 and 26–99 Physician Groups (All Specialties) and #1 PM solution in all Physician Groups with 6–99 providers in the 2023 Ambulatory EHR PM User Survey.

Read More

**What problem can we help you solve?**

**Practice size**

**My biggest challenge is**

Get Started

**Learn more about what we do****Our integrated platform increases productivity, improves financial outcomes, eases information exchange, and enriches the patient experience.**

*   *   Streamline and customize workflows
    *   Improve care team collaboration
    *   Document with Mobile and gain more face time with patients
    *   Stay current with regulatory requirements
    
*   *   Improve patient engagement
    *   Decrease staff time spent on tedious tasks
    *   Deliver care conveniently with telehealth
    *   Enable direct connections with patients
    
*   *   Target higher-risk patients to close gaps in care
    *   Identify patients with potential to impact outcomes
    *   Coordinate care with seamless communication Identify fee-for-service revenue opportunities
    
*   *   Exchange meaningful information securely
    *   Connect disparate systems to any device
    *   Access data from other providers, organizations and EHRs
    *   Support the latest interoperability and align with Meaningful Use
    
*   *   Provide better check-in and billing
    *   Automate charge creation
    *   Ensure clean claims and reduce denials
    *   Monitor performance and gain insights
    

NextGen Office

Small practices

An all-in-one solution to run your practice so you can focus on care. Practice the way you want with an award-winning, cloud-based EHR that includes a practice management platform and a patient portal.

Learn more

NextGen Enterprise

Mid-size to enterprise practices

A powerhouse EHR solution that’s scalable and adaptable to suit your specialty, workflow, and preferences. With robust specialty-specific clinical content, best-in-class practice management, advanced analytics, RCM, Clearinghouse, patient engagement, and mobile documentation, we’ve got you covered.

Learn more

Experience the benefits of one system, one partner

An EHR system that works seamlessly across the entire organization—EHR, practice management (PM), interoperability, patient self-scheduling, virtual visits, check-in, examination, documentation, check-out, billing, etc. is ideal.

Clinical templates for 26 specialties

Designed with all the productivity tools and reporting capabilities providers need, we have pre-built clinical content for 26 specialties to help you achieve better outcomes. Plus, you can configure the templates to your heart’s delight.

A virtual front door

People expect an excellent digital experience to connect with your practice. Our solutions make it easy for your patients to communicate with your practice, schedule appointments, access their medical records, complete forms, and pay their bills.

Care for your community

Manage the care of your community with a powerful population health solution. Our user-friendly population health solutions sync with your EHR, provide risk stratification of your patient population, help identify gaps in care, and support patient outreach.

A Mobile EHR

With a mobile extension of your practice, you give providers an easier way to work, from anywhere. The access enabled by a mobile EHR means you can treat patients anywhere—and all documentation flows into the patient chart automatically.

The right data now

Securely exchange health information and connect disparate systems across a patient’s entire spectrum of care, easily. Better interoperability is defined by capabilities that boost speed, security, cost-effectiveness, and compliance. Get the data you need when and where you need it.

Secure hosting with AWS

Focus on patient care, not IT management. Scalable, cloud-based hosting services can help reduce the burden of health IT maintenance, speed implementations, simplify upgrades, and cut technology costs. Amazon Web Services (AWS) offer world-class security capabilities and system performance.

People are loving NextGen Healthcare

Hear what our clients have to say about us

****Our clients are making healthcare better****

Everything we do is with our clients in mind. Our solutions are driven by our clients’ input, designed with their needs at the center. Every decision we make is to help our clients become more successful, to improve their clinical and financial outcomes, and to strengthen the health of their communities. We are grateful for our clients every day, in every corner of this company.

We needed a solution that offers meaningful insights to support and sustain our growth. An added benefit of this fluid functionality and connectivity is that it streamlines processes for our staff and provides a better work/life balance for our doctors.

CMO Morris Heights Health Center

Related Content

Learn more about NextGen Healthcare solutions

****The results speak for themselves****

Our solutions have garnered many accolades, but we’re most proud of improving the lives of patients and providers. We continue to develop innovations that help make healthcare better for everyone.

Ready to upgrade your practice?

Make the switch to NextGen Healthcare

CVE-2023-37679: NextGen Healthcare

In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may occur.

 

**Unlock trust.  
Unlock everything.**

Keyfactor delivers identity-first security for every device, workload, and thing. Because when you establish digital trust, great things happen.

Great companies trust Keyfactor.

**When everything is connected,  
everything has to be trusted.**

More devices. More workloads. More transactions. Digital trust has never  
been so vital—or so complex. But do it right, and you won’t just boost security;  
you’ll get unmatched agility, control, and scalability. That’s where we come in.

IDENTIFY

**Powerful, highly scalable  
PKI for enterprise or IoT.**

Seamlessly issue and manage trusted  
identities—for every machine and person.

The easily scalable, open-source version  
of Keyfactor’s PKI platform.

MANAGE

**Visibility, control, and  
automation for IoT and  
machine IDs.**

Discover and automate your PKI and  
digital certificates from one platform.

Manage all of your IoT device identities—  
at scale—from a single place.

SIGN

**Fast, secure, and flexible  
signing solutions.**

Easily protect keys and sign code with  
native tools.

Automatically sign code and documents  
fast with APIs.

**Find Your Digital Trust**

**loT**

Embed each device with a trusted and unique identity at design, then keep it secure throughout the product lifecycle.

**Enterprise IT**

Establish digital trust across enterprise and multi-cloud environments with trusted PKI and machine identity automation.

**Webinar****Integrating Secure Code Signing in the CI/CD Pipeline**

Watch

**Whitepaper****Five Guiding Tenets for IoT Security**

Read More

**Report****Emerging Trends in Cryptography for 2022**

Read More

**“PKI is an absolute foundational piece to what we’re building. Without EJBCA, we couldn’t have what we have. It is a key pillar to the future of our products.”****Jason Slack****Director of Engineering**

Read Case Study

**“We went from 2,000 certificates to more than 350,000 certificates. That’s a lot to keep track of, but Keyfactor helps us keep everything in view and it’s allowed us to scale massively.”****Joshua Nash****Technology Manager and SVP for Security Engineering**

Read Case Study

**“Sometimes it was difficult to get things working right away or to deploy it on EJBCA. But every time we had an issue, Keyfactor and Red Hat helped us to solve it. It was a very productive relationship.”****Rufus Buschart****Head of PKI at Siemens**

Read Case Study

**“Certificates would expire, but we wouldn’t know until systems went down. Since deploying Keyfactor, we’ve eliminated these incidents entirely.”****David Yu****VP of Security Architecture**

Read Case Study

**“PKI is an absolute foundational piece to what we’re building. Without EJBCA, we couldn’t have what we have. It is a key pillar to the future of our products.”****Jason Slack****Director of Engineering**

Read Case Study

**“We went from 2,000 certificates to more than 350,000 certificates. That’s a lot to keep track of, but Keyfactor helps us keep everything in view and it’s allowed us to scale massively.”****Joshua Nash****Technology Manager and SVP for Security Engineering**

Read Case Study

**“Sometimes it was difficult to get things working right away or to deploy it on EJBCA. But every time we had an issue, Keyfactor and Red Hat helped us to solve it. It was a very productive relationship.”****Rufus Buschart****Head of PKI at Siemens**

Read Case Study

**“Certificates would expire, but we wouldn’t know until systems went down. Since deploying Keyfactor, we’ve eliminated these incidents entirely.”****David Yu****VP of Security Architecture**

Read Case Study

**Keyfactor by the Numbers**

**90 %**

Support Satisfaction

**4.6 **

G2 Reviews

**Ready to try  
Keyfactor?**

CVE-2023-34196: Home

Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of do/search.php.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2020-20808: vuln/qibosoft_cross_Site_Scripting.md at master · alorfm/vuln

ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program SDLaffgif.

**Description**

SEGV on unknown address has occurred when running program SDLaffgif in function SDL\_LoadAnimatedGif at ngiflibSDL.c:179:3

**Version**

    commit 84a750338394bbd2f8ff15811e2098bd9634180a (HEAD -> master, origin/master, origin/HEAD)
    Author: Thomas Bernard <miniupnp@free.fr>
    Date:   Sat Jul 15 01:46:02 2023 +0200
    

**Steps to reproduce**

    git clone https://github.com/miniupnp/ngiflib.git
    cd ngiflib
    CC="clang -fsanitize=address -g" make
    ./SDLaffgif ./poc4
    

    End of image code 0x101 (nbbit=10)
    ZERO TERMINATOR 0x00
    AddressSanitizer:DEADLYSIGNAL
    =================================================================
    ==6500==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000044 (pc 0x7ffff7b68f51 bp 0x7fffffffddd0 sp 0x7fffffffd940 T0)
    ==6500==The signal is caused by a READ memory access.
    ==6500==Hint: address points to the zero page.
        #0 0x7ffff7b68f51 in SDL_LockSurface (/usr/lib/x86_64-linux-gnu/libSDL-1.2.so.0+0x2df51)
        #1 0x4c6e74 in SDL_LoadAnimatedGif /media/psf/Home/Desktop/Fuzz/Binarys/ngiflib/ngiflib/ngiflibSDL.c:179:3
        #2 0x4c5d1a in main /media/psf/Home/Desktop/Fuzz/Binarys/ngiflib/ngiflib/SDLaffgif.c:107:14
        #3 0x7ffff6b8ac86 in __libc_start_main /build/glibc-uZu3wS/glibc-2.27/csu/../csu/libc-start.c:310
        #4 0x41ba59 in _start (/media/psf/Home/Desktop/Fuzz/Binarys/ngiflib/ngiflib/SDLaffgif+0x41ba59)
    
    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: SEGV (/usr/lib/x86_64-linux-gnu/libSDL-1.2.so.0+0x2df51) in SDL_LockSurface
    ==6500==ABORTING
    
    

**POC**

https://github.com/GGb0ndQAQ/POC/blob/main/ngiflib/poc4

**Impact**

Potentially causing DoS

CVE-2023-39114: SEGV on unknown address has occurred when running program SDLaffgif in function SDL_LoadAnimatedGif at ngiflibSDL.c:179  · Issue #29 · miniupnp/ngiflib

ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. This vulnerability is triggered when running the program gif2tga.

**Description**

SEGV on unknown address has occurred when running program gif2tga in function main at gif2tga.c:169:5

**Version**

    commit fb2713a548a530c13f14b586a479818cb0182a5e (HEAD -> master, origin/master, origin/HEAD)
    Author: Thomas Bernard <miniupnp@free.fr>
    Date:   Thu Jun 29 23:35:16 2023 +0200
    

**Steps to reproduce**

    git clone https://github.com/miniupnp/ngiflib.git
    cd ngiflib
    CC="clang -fsanitize=address -g" CFLAGS+=-DNGIFLIB_NO_FILE make
    ./gif2tga -i ./poc3
    

    INDEXED MODE
    LoadGif() returned 1
    ._out01.tga written
    LoadGif() returned 1
    AddressSanitizer:DEADLYSIGNAL
    =================================================================
    ==13842==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000002 (pc 0x0000004c68e2 bp 0x7ffce0c71440 sp 0x7ffce0c71180 T0)
    ==13842==The signal is caused by a READ memory access.
    ==13842==Hint: address points to the zero page.
        #0 0x4c68e2 in main /media/psf/Home/Desktop/Fuzz/Binarys/ngiflib/ngiflib/gif2tga.c:169:5
        #1 0x7f0dd1fa9c86 in __libc_start_main /build/glibc-uZu3wS/glibc-2.27/csu/../csu/libc-start.c:310
        #2 0x41bfc9 in _start (/media/psf/Home/Desktop/Fuzz/Binarys/ngiflib/ngiflib/gif2tga+0x41bfc9)
    
    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: SEGV /media/psf/Home/Desktop/Fuzz/Binarys/ngiflib/ngiflib/gif2tga.c:169:5 in main
    ==13842==ABORTING
    

**POC**

https://github.com/GGb0ndQAQ/POC/blob/main/ngiflib/poc3

**Impact**

Potentially causing DoS

CVE-2023-39113: SEGV on unknown address has occurred when running program gif2tga in function main at gif2tag.c · Issue #27 · miniupnp/ngiflib

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2023-3978: x/net/html: text nodes outside of the HTML namespace improperly rendered · Issue #61615 · golang/go

Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/Exciter v.FAX 150W allows a remote attacker to execute arbitrary code via a crafted script to the web application dashboard.

*   Language: English
    *   Español
    *   Português
    *   français
    *   中国人
    *   عربي
    *   русский

*   PRODUCTS
*   SOLUTIONS
    *   TV Broadcasters
    *   Radio Broadcasters
    *   Network Operators
    *   Public Safety and Government Communications
    *   Total Cost of Ownership
    *   Digital Terrestrial TV
    *   Are You Ready for ATSC 3.0?
    *   NextGen TV
    *   End-To-End Radio
    *   HD Radio®
    *   DAB Radio
    *   Multichannel Broadcasting
    *   Single-Frequency Networks (SFNs)
    *   MaxxCasting™
    *   Remote Broadcasting
    *   Remote Management
    *   Are You Ready for the Spectrum Repack?
    *   LTE Mobile Offload
*   SERVICES
    *   Technical Support
    *   Training
    *   Professional Services
    *   Warranties
    *   Service Parts
    *   GatesAir University
    *   eBay Clearance Store
*   MEDIA CENTER
    *   News
    *   Events
    *   Webinars
    *   Presentations
    *   White Papers
    *   GatesAir Video
    *   Thomson Broadcast Video
    *   Articles
    *   Blog
    *   Media Resources
*   COMPANY
    *   About GatesAir
    *   Awards
    *   Innovation
    *   100 Years of GatesAir
    *   Management Team
    *   Careers
    *   Legal & Compliance
*   CONTACT US
    *   Sales Inquiry
    *   Global Locations
    *   Find Your Regional Sales Manager
    *   Sales Staff Directory
    *   Channel Partner Directory
    *   Financing Options
    *   General Information
    *   Customer Support
    *   Join Our Mailing List
    *   eBay Clearance Store
    *   Careers
    *   Media Resources
*   CUSTOMER LOGIN

**TRANSPORT****TRANSMIT  
Television****TRANSMIT  
Radio**

CVE-2023-36081: GatesAir | TV/Radio Transmitters and STL/AoIP Codecs for Broadcasting

EmpowerID versions 7.205.0.0 suffers from a vulnerability that allows an attacker to change a second factor flow armed with only the login and password for an account.

     Severity: HighDescription:An identified security flaw is present in EmpowerID versions V7.205.0.0 and prior versions, causing the system to mistakenly send Multi-Factor Authentication (MFA) codes to unintended email addresses. To exploit this vulnerability, an attacker would need to have access to valid and breached login details, including a username and password.This vulnerability's root cause lies in insufficient verification of previously registered MFA during the process of delivering MFA codes. A bad actor possessing the correct login details for an EmpowerID user account can abuse this weakness by changing the email address associated with the user's account to an alternate one under their control. Consequently, the MFA codes that should be sent to the legitimate user are instead delivered to the malicious party's email.By successfully taking advantage of this vulnerability, an attacker could circumvent MFA safeguards and potentially gain unpermitted access to the victim's account. Such a security breach could enable unauthorized activities, data breaches, or the exposure of confidential information within the impacted EmpowerID system.Affected Versions:  *   EmpowerID versions V7.205.0.0 and earlier.Actions Performed:EmpowerID has released a patch to version V7.205.0.1 and older versions, which addresses this vulnerability. EmpowerID has contacted customers which are known to use EmpowerID's MFA. It is highly recommended that all customers upgrade to the latest version immediately to mitigate the risk, or contact EmpowerID for patch details.[signature_889433285]<http://empowerid.com/>   Nirav Patel   [signature_1232658466]    nirav.patel@empowerID.com<mailto:nirav.patel@empowerID.com>   [signature_1909062425]    www.empowerID.com<http://empowerid.com/>   [signature_729000866] <http://www.youtube.com/user/empowerID>   [signature_2001009733] <https://twitter.com/EmpowerID>   [signature_1070999265] <https://www.facebook.com/220903377569>   [signature_679156352] <https://www.linkedin.com/company/85780>

EmpowerID 7.205.0.0 Authentication Bypass

Red Hat Security Advisory 2023-4312-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.46.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.11.46 security update  
Advisory ID:       RHSA-2023:4312-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4312  
Issue date:        2023-08-02  
CVE Names:         CVE-2023-1260   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.11.46 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.11.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.11 - aarch64, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container  
Platform 4.11.46. See the following advisory for the container images for  
this release:

https://access.redhat.com/errata/RHSA-2023:4310

Security Fix(es):

* kube-apiserver: PrivEsc (CVE-2023-1260)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.11 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

4. Solution:

For OpenShift Container Platform 4.11 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

5. Bugs fixed (https://bugzilla.redhat.com/):

2176267 - CVE-2023-1260 kube-apiserver: PrivEsc

6. Package List:

Red Hat OpenShift Container Platform 4.11:

Source:  
cri-o-1.24.6-4.rhaos4.11.git4bfe15a.el8.src.rpm  
openshift-4.11.0-202307200925.p0.ga9da4a8.assembly.stream.el8.src.rpm  
openshift-clients-4.11.0-202307200522.p0.g7e1b2fb.assembly.stream.el8.src.rpm

aarch64:  
cri-o-1.24.6-4.rhaos4.11.git4bfe15a.el8.aarch64.rpm  
cri-o-debuginfo-1.24.6-4.rhaos4.11.git4bfe15a.el8.aarch64.rpm  
cri-o-debugsource-1.24.6-4.rhaos4.11.git4bfe15a.el8.aarch64.rpm  
openshift-clients-4.11.0-202307200522.p0.g7e1b2fb.assembly.stream.el8.aarch64.rpm  
openshift-hyperkube-4.11.0-202307200925.p0.ga9da4a8.assembly.stream.el8.aarch64.rpm

ppc64le:  
cri-o-1.24.6-4.rhaos4.11.git4bfe15a.el8.ppc64le.rpm  
cri-o-debuginfo-1.24.6-4.rhaos4.11.git4bfe15a.el8.ppc64le.rpm  
cri-o-debugsource-1.24.6-4.rhaos4.11.git4bfe15a.el8.ppc64le.rpm  
openshift-clients-4.11.0-202307200522.p0.g7e1b2fb.assembly.stream.el8.ppc64le.rpm  
openshift-hyperkube-4.11.0-202307200925.p0.ga9da4a8.assembly.stream.el8.ppc64le.rpm

s390x:  
cri-o-1.24.6-4.rhaos4.11.git4bfe15a.el8.s390x.rpm  
cri-o-debuginfo-1.24.6-4.rhaos4.11.git4bfe15a.el8.s390x.rpm  
cri-o-debugsource-1.24.6-4.rhaos4.11.git4bfe15a.el8.s390x.rpm  
openshift-clients-4.11.0-202307200522.p0.g7e1b2fb.assembly.stream.el8.s390x.rpm  
openshift-hyperkube-4.11.0-202307200925.p0.ga9da4a8.assembly.stream.el8.s390x.rpm

x86_64:  
cri-o-1.24.6-4.rhaos4.11.git4bfe15a.el8.x86_64.rpm  
cri-o-debuginfo-1.24.6-4.rhaos4.11.git4bfe15a.el8.x86_64.rpm  
cri-o-debugsource-1.24.6-4.rhaos4.11.git4bfe15a.el8.x86_64.rpm  
openshift-clients-4.11.0-202307200522.p0.g7e1b2fb.assembly.stream.el8.x86_64.rpm  
openshift-clients-redistributable-4.11.0-202307200522.p0.g7e1b2fb.assembly.stream.el8.x86_64.rpm  
openshift-hyperkube-4.11.0-202307200925.p0.ga9da4a8.assembly.stream.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1260  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkyb4HAAoJENzjgjWX9erEJ0AP/0bylhEuVp+lLAItzJ57OvJi  
B4t8aruA+zIVJYLPjPVGkh49JkFsGZR8Ga/7Yd/6EjCJ59PYR5eU3O5x62lIogp2  
lRje18obND5ZDfSLg690JU0vHIsCoW92LYvAvI5i6BMErLR4gBnOBdxS51Pfg1DP  
m7aPcpu8g/cguGZJPPi6kcQwj6/xsFjj9c+TcCDW8IGZgcZkATQBQMDsAC/vhLL3  
ohBZYPl+yqljNbKe8LqOx312dYdnqrGERcBqJTxAoDTrYRz6cbrDE51/SbOlo8fU  
5129uXdpXQb1/sYH9l1nZ/Tw1oB048NQhicgHCQqZ7dLmEDd3eQIrHEQF/gAFTVF  
iaaaWANOXrY429M7XAYYMWMJDDZu0jFusSKH/iqTEnpQ25IGqo9hg5wsu00YiFgq  
Qv4xeVfHfiFP9KUFLkgtYJXocjmQbSfvat7Rg3ERm7PcLdkMtjv4ZOwq9bNfVPA9  
jTkvWSpvZqPQUNrM+LnDHoJDbyaktSJ5tAQo2OqXcjqPwP2obhYz9JkfHLtuAyJk  
BB3x7W5APudHBSUZtnVuAkvqlZV0kTmqZefsGNxpVvLnkSMhnFEDh7ulfaiRchRx  
uhFWIYHYRfLXTUntK2nlSCKLzmQ1q4ZjUA1Cn9Q9iyzQOW985xHjmBIiAy7UsZV9  
tDKzlhlP6hDTq8oRr66P  
=GO42  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4312-01

Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys.

Skip to content

Sign up

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    
    Explore
    
    *   All features
    *   Documentation
    *   GitHub Skills
    *   Blog
    
*   For
    
    *   Enterprise
    *   Teams
    *   Startups
    *   Education
    
    By Solution
    
    *   CI/CD & Automation
    *   DevOps
    *   DevSecOps
    
    Resources
    
    *   Customer Stories
    *   White papers, Ebooks, Webinars
    *   Partners
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
    Repositories
    
    *   Topics
    *   Trending
    *   Collections
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

**Saved searches****Use saved searches to filter your results more quickly**

Sign in

Sign up

WodenSec / **CVE-2022-46484** Public

*   Notifications
*   Fork 0
*   Star 1
    

Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys.

1 star 0 forks Activity

Star

Notifications

*   Code
*   Issues
*   Pull requests
*   Actions
*   Projects
*   Security
*   Insights

More

main

Switch branches/tags

**Name already in use**

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

**1** branch **0** tags

Code

*   Clone
    
    Use Git or checkout with SVN using the web URL.
    
*   Open with GitHub Desktop
*   Download ZIP

**Latest commit**

WodenSec Rename ngPass.py to CVE-2022-46484.py

6df43c3

Jan 11, 2023

Rename ngPass.py to CVE-2022-46484.py

6df43c3

**Git stats**

*   **4** commits

**Files**

Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

CVE-2022-46484.py

Rename ngPass.py to CVE-2022-46484.py

January 11, 2023 10:17

README.md

Create README.md

January 11, 2023 10:16

**README.md**

**CVE-2022-46484**

Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys.

**About**

Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys.

**Resources**

Readme

Activity

**Stars**

**1** star

**Watchers**

**1** watching

**Forks**

**0** forks

Report repository

**Releases**

No releases published

**Packages**

No packages published  

**Languages**

*   Python 100.0%

CVE-2022-46484: GitHub - WodenSec/CVE-2022-46484: Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to ac

Tag

#git