16 matches found
EUVD-2020-5724
Malware in sbrugna...
EUVD-2019-7110
Malware in sbrugna...
EUVD-2020-5725
Malware in sbrugna...
CVE-2020-13474
In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users...
CVE-2020-13474
In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users...
CVE-2020-13473
NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file...
Design/Logic Flaw
NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file...
CVE-2020-13474
Affected software: NCH Express Accounts 8.24 and earlier. Vulnerability: an authenticated low-privilege user can craft a URL to access higher-privileged functionalities (e.g., Add/Edit users), indicating a privilege-escalation issue rooted in URL-based access control. Impact: as described, it ena...
CVE-2020-13474
In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users...
CVE-2020-13473
NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file...
CVE-2020-13473
CVE-2020-13473 affects NCH Express Accounts 8.24 and earlier. Local users can read the configuration file and recover the cleartext password, exposing confidential information (CVSS 3.1: LOCAL, HIGH confidentiality impact). The provided documents do not include remediation/patch details.
NCH Express Accounts Security Vulnerability
NCH Express Accounts Accounting is a business accounting software. The software includes features such as financial income and expense management, financial analysis and reporting. A security vulnerability exists in NCH Express Accounts version 8.24 and prior versions that allows local users to...
CVE-2019-16330
In NCH Express Accounts Accounting v7.02, persistent cross site scripting XSS exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript...
CVE-2019-16330
In NCH Express Accounts Accounting v7.02, persistent cross site scripting XSS exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript...
CVE-2019-16330
CVE-2019-16330 affects NCH Express Accounts Accounting v7.02, with a persistent XSS in Invoices/Sales Orders/Items/Customers/Quotes input fields. An authenticated unprivileged user can modify these fields to inject arbitrary JavaScript, enabling client-side script execution. Connected documents c...
CVE-2019-16330
In NCH Express Accounts Accounting v7.02, persistent cross site scripting XSS exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript...