9 matches found
EUVD-2017-5294
Malware in sbrugna...
SQL injection
A vulnerability classified as critical was found in Kashipara Billing Software 1.0. Affected by this vulnerability is an unknown functionality of the file buyerdetailsubmit.php of the component HTTP POST Request Handler. The manipulation of the argument gstnno leads to SQL injection. The attack c...
Kashipara Billing Software SQL Injection Vulnerability
Kashipara Billing Software is an application from Kashipara India. Version 1.0 suffers from a SQL injection vulnerability in the gstnno argument of the Buyerdetailsubmit.php file...
India Goods and Services Tax Network (GSTN) Offline Utility Elevation of Privilege Vulnerability
A security vulnerability exists in GSTNofflinetool in the India Goods and Services Tax Network GSTN Offline Utility tool prior to version 1.2. A local attacker can exploit this vulnerability by replacing winstart-server.vbs with arbitrary VBScript code to gain privileges...
CVE-2017-13779
GSTNofflinetool in India Goods and Services Tax Network GSTN Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript...
CVE-2017-13779
GSTNofflinetool in India Goods and Services Tax Network GSTN Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript...
Command injection
GSTNofflinetool in India Goods and Services Tax Network GSTN Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript...
CVE-2017-13779
GSTN_offline_tool (GSTN Offline Utility) prior to version 1.2 stores winstart-server.vbs in C:\GST Offline Tool with insecure permissions, enabling local privilege escalation by replacing the VBScript with arbitrary code (e.g., a reverse shell). Affected: GSTN Offline Utility before 1.2. Root cau...
CVE-2017-13779
GSTNofflinetool in India Goods and Services Tax Network GSTN Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript...