Blog

Mahavitaran Android Application: Insecure Communication of Sensitive Data

Vulnerable Software: Maharashtra State Electricity Board Android Application Vulnerability: Insecure Communication of sensitive data Affected Version: 7.50 and prior Vendor Homepage: https://www.mahadiscom.in/en/home/ App store link: https://play.google.com/store/apps/details?id=com.msedcl.app&hl=en_IN&gl=US CVE: CVE Author: Tejas Nitin Pingulkar Exploit Available: POC Available About Affected Software The Official App for Consumer by Mahavitaran (M.S.E.D.C.L.). Mahavitaran Consumer App enables consumers to avail Mahavitaran services at his/her fingertips. […]

CVE-2020-13474: NCH Express Accounts- Privilege Escalation

Vulnerable Software: NCH Express Accounts Vulnerability: Privilege Escalation Affected Version: 8.24 and prior Vendor Homepage: https://www.nchsoftware.com/ CVE: CVE-2020-13474 CVE Author: Tejas Nitin Pingulkar Exploit Available: Yes About Affected Software Express Accounts is professional business accounting software, perfect for small businesses needing to document and report on incoming and outgoing cash flow including sales, receipts, payments and purchases. Additional Information NCH Express Accounts […]

CVE-2020-13473: NCH Account-Clear Text Password Storage

Vulnerable Software: Express Account Affected Version: 8.24 and prior Vendor Homepage: https://www.nchsoftware.com/ CVE: CVE-2020-13473 CVE Author: Tejas Nitin Pingulkar Exploit Available: Yes About Affected Software Express Accounts is professional business accounting software, perfect for small businesses needing to document and report on incoming and outgoing cash flow including sales, receipts, payments and purchases. Additional Information Express Accounts has functionality that allows to […]

Verint: Unauthenticated Information Disclosure via API

Vulnerable Software: Verint Workforce Optimization (WFO) Vulnerability: Unauthenticated Information Disclosure via API Affected Version: 15.1 (15.1.0.37634) Vendor Homepage: Link CVE: 2020-23446 CVE Author: Tejas Nitin Pingulkar Exploit Available: POC Available About Affected Software: Verint Workforce Optimization is a suite of unified software and services for capturing interactions and managing the performance of employees across the enterprise or in targeted areas […]

Turbo VPN: Unquoted Search Path Vulnerability

CVE- Vulnerable Software: Turbo VPN Affected Version: 1.1.0.0 Vendor Homepage: https://www.turbovpn.co/#/views/index CVE: – CVE Author: Tejas Nitin Pingulkar Exploit Available: POC Available About Affected Software: Turbo VPN For PC is a free VPN client which offers free VPN proxy giving you the chance to unblock sites and applications and gain access to restricted resources. Exploit: Turbo VPN 1.1.0.0 installers and applications are vulnerable to unquoted search path vulnerability as application […]

CVE-2020-13480: Verint Workforce Optimization: HTML Injection

Vulnerable Software: Verint Workforce Optimization (WFO) Vulnerability: HTML Injection Affected Version: 15.2 Vendor Homepage: https://www.verint.com CVE: CVE-2020-13480 CVE Author: Tejas Nitin Pingulkar Exploit Available: POC Available About Affected Software Verint Workforce Optimization is a suite of unified software and services for capturing interactions and managing the performance of employees across the enterprise or in targeted areas of your business, including: Back-office operations […]

CVE-2020-11560

CVE-2020-11560 NCH Express Clear Text Password Storage Summary Vulnerable Software: Express Invoice Affected Version: 7.25 Vendor Homepage: https://www.nchsoftware.com/ CVE: CVE-2020-11560 CVE Author: Tejas Nitin Pingulkar Exploit Available: POC Available About Affected Software Express Invoice lets you create invoices you can print, email or fax directly to clients for faster payment. The reporting functionality allows you to keep track of […]
