Tejas Nitin Pingulkar - Security Researcher - Exploit Intelligence Platform

CVE-2022-47075 EXPLOITDB HIGH python WORKING POC

Smart Office Web <20.28 - Info Disclosure

An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.

CVSS 7.5

View Code

CVE-2020-11560 EXPLOITDB HIGH python WORKING POC

Nchsoftware Express Invoice - Insufficiently Protected Credentials

NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.

CVSS 7.8

View Code

CVE-2022-47076 EXPLOITDB HIGH python WORKING POC

Smart Office Web <20.28 - Info Disclosure

An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via DisplayParallelLogData.aspx.

CVSS 7.5

View Code