180 matches found
CVE-2021-29436
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In Time Tracker before version 1.19.27.5431 a Cross site request forgery CSRF vulnerability existed. The nature of CSRF is that a logged on user may be tricked by social engineering to click on an...
CVE-2021-21352
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In TimeTracker before version 1.19.24.5415 tokens used in password reset feature in Time Tracker are based on system time and, therefore, are predictable. This opens a window for brute force attacks to guess...
CVE-2020-27422
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account...
CVE-2020-27423
Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user's mailbox...
CVE-2019-12162
Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe...
CVE-2022-24707
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in Time Tracker Puncher plugin in versions of anuko timetracker prior to 1.20.0.5642. This was happening because the Puncher plugin...
CVE-2022-31149
ActivityWatch open-source automated time tracker. Versions prior to 0.12.0b2 are vulnerable to DNS rebinding attacks. This vulnerability impacts everyone running ActivityWatch and gives the attacker full access to the ActivityWatch REST API. Users should upgrade to v0.12.0b2 or later to receive a...
CVE-2020-15255
In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software for example, when a cell value starts with an equal sign. This is fixed in version 1.19.23.5325...
mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exectimetracker::getloops/Filesorttracker::reportuse/filesort...
CVE-2023-36250
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...
DEBIAN-CVE-2023-36250
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...
CVE-2023-36250
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...
Input validation
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...
CVE-2023-36250
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...
UBUNTU-CVE-2023-36250
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...
CVE-2023-36250
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...
GNOME Time Tracker Injection Vulnerability
GNOME Time Tracker GnoTime,GTT is a to-do list/journal/diary tool from GNOME. A security vulnerability exists in GNOME Time Tracker version 3.0.2, which stems from the presence of a CSV injection vulnerability. An attacker can exploit the vulnerability to execute arbitrary code by building a .tsv...
CVE-2023-36250
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...
CVE-2023-36250
The CVE-2023-36250 entry concerns GNOME Time Tracker (version 3.0.2) and describes a CSV injection flaw that allows a local attacker to execute arbitrary code by crafting a .tsv file during record creation. Affected component appears to be the time-tracker input handling for TSVs, with the underl...
CVE-2023-36250
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...