Product Owner: PNotes – Andrey Gruber © 2007 – 2020
Type: Installable/Customer-Controlled Application
Application Name: PNotesNET version 3.8.1.2
Managing your day-to-day life is not an easy job. There are so many things to worry about – housekeeping, shopping, children… And what about a cousin’s birthday that you always forget, or important phone numbers? Undoubtedly your working place is covered with dusty yellow (or blue, or pink) sticky notes. If so – PNotes is right for you. Throw the physical stickies away and replace them with virtual ones on your desktop.
PNotes (Pinned Notes or Portable Notes, use what you prefer) exists in two different editions:
- PNotes – the older one, written entirely in plain C and Windows API (with Pelles C for Windows IDE)
- PNotes.NET – the newer one, written in C#, requires .NET Framework 4.5
Product Url: https://pnotes-1932d.firebaseapp.com/home
Download Url: https://sourceforge.net/projects/pnotes/files/PNotes.NET/Bin/PNotesNET3812Setup.exe/download
Application Release Date: 04 May 2019
Severity: High
Authentication: Required
Complexity: Medium
Vulnerability Name: Pnotes Insecure File Upload Vulnerability using (Miscellaneous – External Programs) and arbitrary code execution
Vulnerability Explanation: PNotes is mainly used for taking notes; it is a third-party open source application. We can upload a malicious .exe file via Miscellaneous – External programs and perform code execution via command line access.



Tested Os: Windows 10 Pro
Vulnerability Details:
Creating a malicious payload using msfvenom

Transfer malicious implant .exe file – Pnshell.exe to victim system:

Pnshell Upload in Miscellaneous – External programs


Code Execution using Pnshell.exe :
Command Line Access:

Pnotes Reverse Shell
Pnotes File Upload & code execution – POC
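Detection example (added here, not part of the original advisory or of PNotes): because the External programs feature launches whatever executable is registered, process-creation telemetry with the notes application as parent is the place to look. The sketch below flags such child processes when they run from user-writable paths or are command interpreters. The parent image name, the Sysmon-style field names and all sample events are assumptions constructed for illustration.

```python
# Added detection example: flag programs launched by PNotes.NET that deserve triage.
# Assumptions (not from the advisory): the parent image name "PNotes.NET.exe", the
# Sysmon-style field names, and every sample event below are constructed.
import ntpath

PARENT_NAMES = {"pnotes.net.exe"}            # assumed process name, adjust to your install
SHELL_NAMES = {"cmd.exe", "powershell.exe"}  # interpreters a notes app rarely needs
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")

def classify(event):
    """Return the reasons an event is suspicious; empty list if it is not."""
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    if parent not in PARENT_NAMES:
        return []
    image = event.get("Image", "").lower()
    reasons = []
    if any(part in image for part in USER_WRITABLE):
        reasons.append("child runs from user-writable path")
    if ntpath.basename(image) in SHELL_NAMES:
        reasons.append("child is a command interpreter")
    return reasons

def hunt(events):
    """Return (image, reasons) for every process-creation event worth triage."""
    findings = []
    for ev in events:
        reasons = classify(ev)
        if reasons:
            findings.append((ev["Image"], reasons))
    return findings

# Constructed sample events (process creation, parent and child image paths).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\PNotes.NET\PNotes.NET.exe",
     "Image": r"C:\Users\alice\Downloads\Pnshell.exe"},
    {"ParentImage": r"C:\Program Files\PNotes.NET\PNotes.NET.exe",
     "Image": r"C:\Windows\System32\notepad.exe"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Users\alice\Downloads\setup.exe"},
    {"ParentImage": r"C:\Program Files\PNotes.NET\PNotes.NET.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for image, reasons in hunt(SAMPLE_EVENTS):
        print(image, "->", "; ".join(reasons))
```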
Vendor Status:
[18.04.2020] Vulnerability discovered.
[18.04.2020] Vendor contacted.
[19.04.2020] CVE applied
[14.08.2020] CVE Assigned – CVE-2020-22721
References
https://pnotes-1932d.firebaseapp.com/news
https://pnotes-1932d.firebaseapp.com/home
Contact
Email – mr.anandmurugan@gmail.com
Twitter – https://twitter.com/syh4ck