22 matches found
EUVD-2020-3912
Malware in sbrugna...
EUVD-2019-7080
Malware in sbrugna...
EUVD-2020-3911
Malware in sbrugna...
EUVD-2020-5727
Malware in sbrugna...
CVE-2020-11561
In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen...
NCH Express Invoice 7.25 Cleartext Password
Exploit Title: NCH Express Invoice - Clear Text Password Storage and Account Takeover Google Dork:: intitle:ExpressInvoice - Login Date: 07/Apr/2020 Exploit Author: Tejas Nitin Pingulkar https://cvewalkthrough.com/ Vendor Homepage: https://www.nchsoftware.com/ Software Link:...
NCH Express Invoice - Clear Text Password Storage and Account Takeover
Exploit Title: NCH Express Invoice - Clear Text Password Storage and Account Takeover Google Dork:: intitle:ExpressInvoice - Login Date: 07/Apr/2020 Exploit Author: Tejas Nitin Pingulkar https://cvewalkthrough.com/ Vendor Homepage: https://www.nchsoftware.com/ Software Link:...
CVE-2020-13476
NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module...
Cross site scripting
NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module...
CVE-2020-13476
The CVE-2020-13476 entry describes a Reflected XSS in the Quotes List module of NCH Express Invoice versions 8.06–8.24. Affected software is the NCH Express Invoice product (Invoice software). According to the NVD entry, the vulnerability is network-accessible with MEDIUM overall risk (CVSS v3.1 ...
CVE-2020-13476
NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module...
CVE-2020-11560
NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file...
Design/Logic Flaw
NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file...
CVE-2020-11561
In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen...
Code injection
In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen...
CVE-2020-11561
NCH Express Invoice 7.25 is affected by CVE-2020-11561. The vulnerability allows an authenticated, low-privilege user to craft a URL that gains access to higher-privileged functionalities, such as the Add New Item screen. Multiple connected sources (NVD, Red Hat, CNVD, CNVD-derived listings) corr...
CVE-2020-11561
In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen...
CVE-2020-11560
CVE-2020-11560 affects NCH Express Invoice 7.25. Local users can read the application’s configuration file to obtain cleartext passwords, enabling potential account takeover. Root cause: credentials stored in plaintext in the configuration/files under the Express Invoice data path. Exploitation d...
CVE-2020-11560
NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file...
CVE-2019-16282
In NCH Express Invoice v7.12, persistent cross site scripting XSS exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript...