166 matches found
CVE-2023-32308
The CVE-2023-32308 entry concerns anuko timetracker, an open-source time-tracking system. A Boolean-based blind SQL injection existed in Time Tracker’s invoices.php for versions prior to 1.22.11.5781, caused by a coding error after validating POST parameters and lack of an error check before adju...
Crlf injection
Time Tracker is an open source time tracking system. A time-based blind injection vulnerability existed in Time Tracker reports in versions prior to 1.22.13.5792. This was happening because the reports.php page was not validating all parameters in POST requests. Because some parameters were not...
CVE-2023-32306
Time Tracker vulnerability CVE-2023-32306 exists in the Reports feature (reports.php) of Time Tracker prior to version 1.22.13.5792. A time-based blind SQL injection arises because several POST parameters aren’t properly validated, enabling crafted requests to inject SQL into the Time Tracker dat...
CVE-2023-32066
Time Tracker’s Week View plugin (versions setTitle call in week.php (line ~245) as implemented in 1.22.12.5783. Affected products include Anuko Time Tracker; no exploitation status is provided in the documents. Recommended remediation: upgrade to 1.22.12.5783 or newer to mitigate the vulnerabilit...
UBUNTU-CVE-2022-30699
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue...
Fedora: Security Advisory for git-time-metric (FEDORA-2022-5ef0bd9a27)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: git-time-metric-1.3.5-16.fc36
Simple, seamless, lightweight time tracking for Git...
mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort...
[SECURITY] Fedora 36 Update: git-time-metric-1.3.5-15.fc36
Simple, seamless, lightweight time tracking for Git...
titra cross-site scripting vulnerability
titra is a modern open source time tracking project for freelancers and small teams. A cross-site scripting vulnerability exists in versions prior to titra 0.77.0, which stems from the presence of stored cross-site scripting (XSS)...
[SECURITY] Fedora 36 Update: git-time-metric-1.3.5-14.fc36
Simple, seamless, lightweight time tracking for Git...
Kimai security vulnerability
Kimai is an open source, web-based, multi-user time tracking application. A security vulnerability exists in Kimai 2 1.14, which is caused by the description in the new timetable...
CVE-2022-27108
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the endpoint symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account...
CVE-2022-24708
The CVE-2022-24708 entry describes a Stored XSS vulnerability in Anuko Time Tracker. The issue occurs in ttUser.class.php where the primary group name was not escaped for display, allowing a logged-in user to inject JavaScript that could execute in their browser on pages displaying the group name...
kimai2 cross-site scripting vulnerability (CNVD-2021-94816)
kimai2 is an open source, web-based multi-user time tracking application. kimai2 suffers from a cross-site scripting vulnerability that can be exploited by attackers to perform cross-site scripting attacks...
kimai2 cross-site scripting vulnerability
kimai2 is an open source, web-based multi-user time tracking application. kimai2 suffers from a cross-site scripting vulnerability, for which no details of the vulnerability are currently available...
kimai cross-site scripting vulnerability
kimai2 is an open source, web-based multi-user time tracking application. kimai2 suffers from a cross-site scripting vulnerability that can be exploited by attackers to perform cross-site scripting attacks...
Kimai access control error vulnerability
kimai2 is an open source, web-based multi-user time tracking application. kimai2 is vulnerable to an access control error, and no details of the vulnerability are currently available...
kimai cross-site scripting vulnerability
kimai2 is an open source, web-based multi-user time tracking application. kimai2 suffers from a cross-site scripting vulnerability, for which no details of the vulnerability are currently available...
kimai cross-site request forgery vulnerability
Kimai is an open source, web-based multi-user time tracking application. kimai 2 1.16.2 previously contained a cross-site request forgery vulnerability, which stems from the product's failure to verify that requests originate from trusted users. An attacker could send an unintended request to the...