nGenuity

Get a Security Assessment

Encompass Web PACS Forced Browsing Vulnerability

Heartlab Encompass Web PACS is a web application used to remotely access and manage echocardiogram patient data. To conform with HIPAA regulations access to this data should be password protected. Authentication to PACS patient information can be bypassed by navigating to the SessionStart.asp page. This page sets up an anonymous user session and gives access to all patient records.

Open-Realty Multiple XSS Vulnerabilities

Open-Realty® is an open source web based real estate listing management application. It is intended to be both easy to setup and use. Written in PHP, Open-Realty® is designed to be a fast and flexible tool for your real estate website” Multiple reflected cross-site (xss) scripting vulnerabilities exist within Open-Realty.