22 matches found
EUVD-2020-5724
Malware in sbrugna...
EUVD-2019-7110
Malware in sbrugna...
EUVD-2020-5725
Malware in sbrugna...
CVE-2020-13474
In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users...
CVE-2020-13474
In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users...
CVE-2020-13473
NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file...
CVE-2020-13473
NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file...
Design/Logic Flaw
NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file...
CVE-2020-13474
In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users...
CVE-2020-13474
Affected software: NCH Express Accounts 8.24 and earlier. Vulnerability: an authenticated low-privilege user can craft a URL to access higher-privileged functionalities (e.g., Add/Edit users), indicating a privilege-escalation issue rooted in URL-based access control. Impact: as described, it ena...
CVE-2020-13473
CVE-2020-13473 affects NCH Express Accounts 8.24 and earlier. Local users can read the configuration file and recover the cleartext password, exposing confidential information (CVSS 3.1: LOCAL, HIGH confidentiality impact). The provided documents do not include remediation/patch details.
CVE-2020-13473
NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file...
NCH Express Accounts Security Vulnerability
NCH Express Accounts Accounting is a business accounting software. The software includes features such as financial income and expense management, financial analysis and reporting. A security vulnerability exists in NCH Express Accounts version 8.24, which originates when an authenticated,...
NCH Express Accounts Security Vulnerability
NCH Express Accounts Accounting is a business accounting software. The software includes features such as financial income and expense management, financial analysis and reporting. A security vulnerability exists in NCH Express Accounts version 8.24 and prior versions that allows local users to...
CVE-2019-16330
In NCH Express Accounts Accounting v7.02, persistent cross site scripting XSS exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript...
CVE-2019-16330
In NCH Express Accounts Accounting v7.02, persistent cross site scripting XSS exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript...
CVE-2019-16330
In NCH Express Accounts Accounting v7.02, persistent cross site scripting XSS exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript...
CVE-2019-16330
CVE-2019-16330 affects NCH Express Accounts Accounting v7.02, with a persistent XSS in Invoices/Sales Orders/Items/Customers/Quotes input fields. An authenticated unprivileged user can modify these fields to inject arbitrary JavaScript, enabling client-side script execution. Connected documents c...
Accounts Accounting 7.02 Cross Site Scripting
Exploit Title: Express Accounts Accounting 7.02 - Persistent Cross-Site Scripting Exploit Author: Debashis Pal Date: 2019-10-16 Vendor Homepage: https://www.nchsoftware.com Source: https://www.nchsoftware.com/accounting/index.html Version: Express Accounts Accounting v7.02 CVE : N/A Tested on:...
Accounts Accounting 7.02 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Express Accounts Accounting 7.02 - Persistent Cross-Site Scripting Exploit Author: Debashis Pal Vendor Homepage: https://www.nchsoftware.com Source: https://www.nchsoftware.com/accounting/index.html Version: Express Accounts...