Tracker Security Vulnerabilities

cve

CVE-2020-24193

A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows unauthenticated user to execute authentication bypass with SQL injection via the email...

CVSS: 9.8

AI Score: 10

EPSS: 0.002

2020-09-03 06:15 PM

CVE-2020-15308

Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-authentication SQL injection via the site_edit.php typeid or site parameter, the search_incidents_advanced.php search_title parameter, or the report_qbe.php criteriafield...

CVSS: 7.2

AI Score: 7.4

EPSS: 0.001

2020-06-26 11:15 AM

CVE-2020-10107

PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS, as demonstrated by the ExpenseItem or ExpenseCost parameter in...

CVSS: 5.4

AI Score: 5.4

EPSS: 0.001

2020-03-05 01:15 PM

CVE-2020-10106

PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows to dump the MySQL database and to bypass the login...

CVSS: 9.8

AI Score: 9.7

EPSS: 0.002

2020-03-05 01:15 PM

CVE-2019-20220

In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by...

CVSS: 6.1

AI Score: 6.3

EPSS: 0.001

2020-01-02 02:16 PM

CVE-2019-20223

In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to...

CVSS: 6.1

AI Score: 5.9

EPSS: 0.001

2020-01-02 02:16 PM

CVE-2019-20221

In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php...

CVSS: 6.1

AI Score: 6

EPSS: 0.001

2020-01-02 02:16 PM

CVE-2019-20222

In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by...

CVSS: 6.1

AI Score: 6.2

EPSS: 0.001

2020-01-02 02:16 PM

CVE-2017-18605

The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object...

CVSS: 9.8

AI Score: 9.5

EPSS: 0.002

2019-09-10 12:15 PM

CVE-2017-18554

The analytics-tracker plugin before 1.1.1 for WordPress has XSS via a search...

CVSS: 6.1

AI Score: 6

EPSS: 0.001

2019-08-21 01:15 PM

CVE-2019-14524

An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than...

CVSS: 7.8

AI Score: 7.6

EPSS: 0.001

2019-08-02 12:15 PM

CVE-2019-14523

An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in...

CVSS: 7.8

AI Score: 7.3

EPSS: 0.001

2019-08-02 12:15 PM

CVE-2019-14465

fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer...

CVSS: 7.8

AI Score: 7.5

EPSS: 0.001

2019-07-31 11:15 PM

CVE-2019-12162

Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original...

CVSS: 7.8

AI Score: 7.9

EPSS: 0.0004

2019-07-23 03:15 PM

CVE-2018-18898

The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address...

CVSS: 7.5

AI Score: 7.2

EPSS: 0.012

2019-03-21 04:00 PM

CVE-2018-6004

SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess...

CVSS: 9.8

AI Score: 9.8

EPSS: 0.003

2018-02-17 07:29 AM

CVE-2017-5944

The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search...

CVSS: 8.8

AI Score: 8.5

EPSS: 0.012

2017-07-03 04:29 PM

CVE-2017-5361

Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel...

CVSS: 5.9

AI Score: 6.6

EPSS: 0.003

2017-07-03 04:29 PM

CVE-2016-6127

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified...

CVSS: 6.1

AI Score: 6.5

EPSS: 0.001

2017-07-03 04:29 PM

CVE-2017-5943

Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted...

CVSS: 8.8

AI Score: 8.2

EPSS: 0.002

2017-07-03 04:29 PM

CVE-2017-5906

The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app 3.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

CVSS: 5.9

AI Score: 5.1

EPSS: 0.001

2017-05-05 07:29 AM

CVE-2017-5239

Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM)...

CVSS: 7.5

AI Score: 7.3

EPSS: 0.001

2017-03-27 09:59 PM

CVE-2017-5237

Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command,...

CVSS: 7.5

AI Score: 7.5

EPSS: 0.001

2017-03-27 09:59 PM

CVE-2017-5238

Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another...

CVSS: 5.3

AI Score: 5.4

EPSS: 0.001

2017-03-27 09:59 PM

CVE-2015-6506

Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public...

AI Score: 5.5

EPSS: 0.003

2015-09-03 02:59 PM

CVE-2015-6751

Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) note added to a time entry or an (2) activity used to categorize time tracker.....

AI Score: 5.4

EPSS: 0.001

2015-08-31 06:59 PM

CVE-2015-5475

Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management...

AI Score: 7.5

EPSS: 0.003

2015-08-14 06:59 PM

CVE-2015-2814

SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note...

AI Score: 6.9

EPSS: 0.003

2015-04-01 02:59 PM

CVE-2014-9566

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2,...

AI Score: 8.1

EPSS: 0.963

2015-03-10 02:59 PM

CVE-2015-1464

RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed...

AI Score: 8.4

EPSS: 0.004

2015-03-09 02:59 PM

CVE-2015-1165

RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified...

AI Score: 8.2

EPSS: 0.004

2015-03-09 02:59 PM

CVE-2014-9472

The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted...

AI Score: 8

EPSS: 0.014

2015-03-09 02:59 PM

CVE-2013-3737

The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and.....

AI Score: 7.1

EPSS: 0.003

2014-11-16 02:59 AM

CVE-2014-6860

The Trial Tracker (aka com.etcweb.android.trial_tracker) application 1.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

AI Score: 6

EPSS: 0.0005

2014-10-02 10:55 AM

CVE-2014-5179

The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted...

AI Score: 6.3

EPSS: 0.003

2014-08-06 06:55 PM

CVE-2013-3736

Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the name of an attached...

AI Score: 5.9

EPSS: 0.002

2014-05-05 05:06 PM

CVE-2013-3525

SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it...

AI Score: 8.7

EPSS: 0.336

2013-05-10 09:55 PM

CVE-2012-2768

Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via unspecified...

AI Score: 5.7

EPSS: 0.003

2012-08-15 09:55 PM

CVE-2011-3830

Cross-site scripting (XSS) vulnerability in search.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to inject arbitrary web script or HTML via the search_string...

AI Score: 5.8

EPSS: 0.004

2012-01-29 04:04 AM

CVE-2011-5068

Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the authentication of user for requests that delete a user via user_delete.php and other unspecified...

AI Score: 7.5

EPSS: 0.002

2012-01-29 04:04 AM

CVE-2011-3831

SQL injection vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file...

AI Score: 8.6

EPSS: 0.005

2012-01-29 04:04 AM

CVE-2011-3832

Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save...

AI Score: 7.6

EPSS: 0.006

2012-01-29 04:04 AM

CVE-2011-5070

Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incident_attachments.php; (2) unspecified vectors in link_add.php, possibly involving origref, linkref, linktype...

AI Score: 5.9

EPSS: 0.004

2012-01-29 04:04 AM

CVE-2011-3829

ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error...

AI Score: 5.7

EPSS: 0.012

2012-01-29 04:04 AM

CVE-2011-3833

Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in an unspecified...

AI Score: 7.2

EPSS: 0.011

2012-01-29 04:04 AM

CVE-2011-5069

Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in unspecified directory,.....

AI Score: 7.3

EPSS: 0.011

2012-01-29 04:04 AM

CVE-2010-1596

Support Incident Tracker before 3.51, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty...

AI Score: 7.2

EPSS: 0.017

2010-04-28 11:30 PM

CVE-2008-4521

SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID...

AI Score: 8.4

EPSS: 0.001

2008-10-09 06:14 PM

CVE-2008-3751

SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id...

AI Score: 8.4

EPSS: 0.003

2008-08-21 05:41 PM

CVE-2008-3338

Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers...

AI Score: 7.7

EPSS: 0.053

2008-08-13 10:41 PM

Total number of security vulnerabilities: 171