CVE-2018-14833
https://notcve.org/view.php?id=CVE-2018-14833
Intuit Lacerte 2017 has Incorrect Access Control. • https://themikewylie.com/2019/05/21/intuit-lacerte-vulnerability-and-data-exposure-cve-2018-11338-cve-2018-14833 https://www.themikewylie.com/intuit-lacerte-vulnerability-and-data-exposure-cve-2018-11338-cve-2018-14833 • CWE-284: Improper Access Control •
CVE-2018-3854
https://notcve.org/view.php?id=CVE-2018-3854
An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowing the password. An attacker needs to have access to the password-protected files to trigger this vulnerability. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0537 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-11338
https://notcve.org/view.php?id=CVE-2018-11338
Intuit Lacerte 2017 for Windows in a client/server environment transfers the entire customer list in cleartext over SMB, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer list contains each customer's full name, social security number (SSN), address, job title, phone number, email address, spouse's phone/email address, and other sensitive information. After the client software authenticates to the server database, the server sends the customer list. There is no need for further exploitation as all sensitive data is exposed. This vulnerability was validated on Intuit Lacerte 2017; however, older versions of Lacerte may be vulnerable. • https://corporateblue.com/your-taxes-are-being-leaked https://www.themikewylie.com/intuit-lacerte-vulnerability-and-data-exposure-cve-2018-11338-cve-2018-14833 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2010-5198
https://notcve.org/view.php?id=CVE-2010-5198
Multiple untrusted search path vulnerabilities in Intuit QuickBooks 2010 allow local users to gain privileges via a Trojan horse (1) dbicudtx11.dll, (2) mfc90enu.dll, or (3) mfc90loc.dll file in the current working directory, as demonstrated by a directory that contains a .des, .qbo, or .qpg file. NOTE: some of these details are obtained from third party information. • http://secunia.com/advisories/41221 http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list •
CVE-2012-2422
https://notcve.org/view.php?id=CVE-2012-2422
Intuit QuickBooks 2009 through 2012 might allow remote attackers to obtain pathname information via the qbwc://docontrol/GetCompanyFile functionality. • http://www.kb.cert.org/vuls/id/232979 http://www.securityfocus.com/archive/1/522139 https://exchange.xforce.ibmcloud.com/vulnerabilities/75173 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •