Lucene search

MitreCVE-2006-0691

HistoryFeb 15, 2006 - 11:06 a.m.

CVE-2006-0691

2006-02-1511:06:00

mitre

web.nvd.nist.gov

cve-2006-0691

nvd

tts time tracking software

remote attack

data overwrite

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.9

Confidence

High

EPSS

0.135

Percentile

95.6%

JSON

edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account.

Affected configurations

Nvd

Node

scheduling_management.comtime_tracking_softwareMatch3.0

VendorProductVersionCPE
scheduling_management.comtime_tracking_software3.0cpe:2.3:a:scheduling_management.com:time_tracking_software:3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
scheduling_management.com	time_tracking_software	3.0	cpe:2.3:a:scheduling_management.com:time_tracking_software:3.0:::::::*

References

secunia.com/advisories/18854

www.evuln.com/vulns/69/summary.html

www.securityfocus.com/archive/1/425505/100/0/threaded

www.securityfocus.com/bid/16630

www.securityfocus.com/bid/16731

www.vupen.com/english/advisories/2006/0524

exchange.xforce.ibmcloud.com/vulnerabilities/24570

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.9

Confidence

High

EPSS

0.135

Percentile

95.6%

JSON

Related for CVE-2006-0691