Uncategorized

Smart Office Suite- Unauthenticated Data Ex

Vulnerable Software: Smart Office Web
Vulnerability: Unauthenticated Data Export and Database Password Disclosure
Affected Version: 20.28
Fixed Version: No Fix Available
Vendor Homepage: https://smartofficepayroll.com/
CVE: CVE-2022-47075 and CVE-2022-47076
CVE Author: Tejas Nitin Pingulkar
Exploit Available: POC, Exploit
About Affected Software: Meant for companies with a presence in multiple locations, and usage is required at multiple places. Also suitable for those companies who would […]

CVE-2021-41716 Mahavitaran Android Application: Account take over via OTP Fixation

Vulnerable Software: Maharashtra State Electricity Board Android Application
Vulnerability: Account takeover via OTP Fixation
Affected Version: 7.50 and prior
Patched: Yes
Vendor Homepage: https://www.mahadiscom.in/en/home/
App store link: https://play.google.com/store/apps/details?id=com.msedcl.app&hl=en_IN&gl=US
CVE: CVE-2021-41716
CVE Author: Tejas Nitin Pingulkar
Exploit Available: POC Available
About Affected Software: The Official App for Consumer by Mahavitaran (MSEDCL). Mahavitaran Consumer App enables consumers to avail Mahavitaran services at his/her fingertips. The […]

CVE-2020-27413 Mahavitaran Android Application: Clear-text password storage

Vulnerable Software: Maharashtra State Electricity Board Android Application
Vulnerability: Clear-text password storage
Affected Version: 7.50 and prior
Patched: Yes
Vendor Homepage: https://www.mahadiscom.in/en/home/
App store link: https://play.google.com/store/apps/details?id=com.msedcl.app&hl=en_IN&gl=US
CVE: CVE-2020-27413
CVE Author: Tejas Nitin Pingulkar
Exploit Available: POC Available
About Affected Software: The Official App for Consumer by Mahavitaran (M.S.E.D.C.L.). Mahavitaran Consumer App enables consumers to avail Mahavitaran services […]

CVE-2020-27416 Mahavitaran Android Application: Account take over via OTP bypass

Vulnerable Software: Maharashtra State Electricity Board Android Application
Vulnerability: Account take over via OTP bypass
Affected Version: 7.50 and prior
Patched: Yes
Vendor Homepage: https://www.mahadiscom.in/en/home/
App store link: https://play.google.com/store/apps/details?id=com.msedcl.app&hl=en_IN&gl=US
CVE: CVE-2020-27416
CVE Author: Tejas Nitin Pingulkar
Exploit Available: POC Available
About Affected Software: The Official App for Consumer by Mahavitaran (M.S.E.D.C.L.). Mahavitaran Consumer App enables consumers to avail Mahavitaran services at his/her […]

CVE-2020-35398: UTI Mutual fund Android Application- Username Enumeration

Vulnerable Software: UTI Mutual fund Android Application
Vulnerability: Username Enumeration
Affected Version: 5.4.28
Patch: Not Released (03-December-2021)
Vendor Homepage: https://utimf.com/
CVE: CVE-2020-11561
CVE Author: Tejas Nitin Pingulkar
Exploit Available: POC available
About Affected Software: Investing in Mutual Funds is now easy with the UTI MF (UTI Mutual Funds) App. It gives you a hassle-free experience to invest in any mutual fund scheme […]

CVE-2020-27414 Mahavitaran Android Application: Insecure Communication of Sensitive Data

Vulnerable Software: Maharashtra State Electricity Board Android Application
Vulnerability: Insecure Communication of sensitive data
Affected Version: 7.50 and prior
Patched: Yes
Vendor Homepage: https://www.mahadiscom.in/en/home/
App store link: https://play.google.com/store/apps/details?id=com.msedcl.app&hl=en_IN&gl=US
CVE: CVE-2020-27414
CVE Author: Tejas Nitin Pingulkar
Exploit Available: POC Available
About Affected Software: The Official App for Consumer by Mahavitaran (M.S.E.D.C.L.). Mahavitaran Consumer App enables consumers to avail Mahavitaran services at his/her fingertips. The […]

CVE-2020-13474: NCH Express Accounts- Privilege Escalation

Vulnerable Software: NCH Express Accounts
Vulnerability: Privilege Escalation
Affected Version: 8.24 and prior
Vendor Homepage: https://www.nchsoftware.com/
CVE: CVE-2020-13474
CVE Author: Tejas Nitin Pingulkar
Exploit Available: Yes
About Affected Software: Express Accounts is professional business accounting software, perfect for small businesses needing to document and report on incoming and outgoing cash flow, including sales, receipts, payments, and purchases.
Additional Information: NCH […]

CVE-2020-13473: NCH Account-Clear Text Password Storage

Vulnerable Software: Express Account
Affected Version: 8.24 and prior
Vendor Homepage: https://www.nchsoftware.com/
CVE: CVE-2020-13473
CVE Author: Tejas Nitin Pingulkar
Exploit Available: Yes
About Affected Software: Express Accounts is professional business accounting software, perfect for small businesses needing to document and report on incoming and outgoing cash flow, including sales, receipts, payments, and purchases.
Additional Information: Express Accounts has functionality that […]

Verint: Unauthenticated Information Disclosure via API

Vulnerable Software: Verint Workforce Optimization (WFO)
Vulnerability: Unauthenticated Information Disclosure via API
Affected Version: 15.1 (15.1.0.37634)
Vendor Homepage: Link
CVE: 2020-23446
CVE Author: Tejas Nitin Pingulkar
Exploit Available: POC Available
About Affected Software: Verint Workforce Optimization is a suite of unified software and services for capturing interactions and managing the performance of employees across the enterprise or in targeted areas […]

CVE-2020-13480: Verint Workforce Optimization: HTML Injection

Vulnerable Software: Verint Workforce Optimization (WFO)
Vulnerability: HTML Injection
Affected Version: 15.2
Vendor Homepage: https://www.verint.com
CVE: CVE-2020-13480
CVE Author: Tejas Nitin Pingulkar
Exploit Available: POC Available
About Affected Software: Verint Workforce Optimization is a suite of unified software and services for capturing interactions and managing the performance of employees across the enterprise or in targeted areas of your business, including: Back-office operations […]
