166 matches found
Kimai cross-site request forgery vulnerability
Kimai is an open source, web-based, multi-user time tracking application. Kimai 2 version 1.16.2 previously contained a cross-site request forgery (CSRF) vulnerability, which stems from the product's failure to verify that requests originate from trusted users. An attacker could send an unintended request to the...
Kimai cross-site request forgery vulnerability
Kimai is an open source, web-based, multi-user time tracking application. A cross-site request forgery (CSRF) vulnerability exists in Kimai 2, which stems from the product's failure to validate that a request originated from a trusted user. An attacker could use this vulnerability to send unintended...
Cross-site Scripting (XSS) - Stored in eventum/eventum
Description: Multiple stored XSS in Administration at Eventum 3.10.8. Proof of Concept: // PoC.payload " Steps to Reproduce: Go to the Administration area and choose one of the features below. Manage News: input the payload into the field Title. Manage Status: input the payload into the field Title. Manage Projects: input the payload into...
CVE-2021-41156 Reflected XSS vulnerability
anuko/timetracker is an open source time tracking system. In affected versions, Time Tracker uses a hidden browsertoday control on a few pages to collect today's date from the user's browser. Because this parameter was not sanity-checked in versions prior to 1.19.30.5601, it was possible to craf...
CVE-2021-41139
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. When a logged-on user selects a date in Time Tracker, it is passed along via the date parameter in the URI. Because this parameter was not sanity-checked in versions prior to 1.19.30.5600, it was possible...
CVE-2021-41139
Anuko Time Tracker (PHP) suffers a reflected XSS in time.php via the date URI parameter, exploitable before the patch in 1.19.30.5600. An attacker could persuade a logged-in user to click a crafted link, causing attacker-supplied JavaScript to execute in the user's browser. Remediated in version 1.19...
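The two Anuko entries above, and the Eventum stored-XSS entry earlier in this list, describe the same defect: a request value reaches the HTML response with neither a sanity check nor output encoding. The block below is an added illustration in Python, not code from Time Tracker or Eventum; the URL, the rendered hidden field and the title element are assumptions made for the example. It shows the unsafe reflection of a `date` parameter, a strict validator for it, and output encoding that also neutralises a stored title field:

```python
import html
import re
from datetime import date
from urllib.parse import parse_qs, urlsplit

# Constructed sample link, not a real Time Tracker URL: the "date" query
# parameter carries markup instead of a date.
CRAFTED_URL = 'https://tt.example.invalid/time.php?date=2021-10-12"><script>alert(1)</script>'

# Only YYYY-MM-DD is ever acceptable for this parameter.
DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")


def query_param(url, name):
    """Return the first value of a query parameter, or "" if absent."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get(name, [""])[0]


def render_vulnerable(date_param):
    """Reflects the raw parameter into the page: the pattern the advisory describes."""
    return f'<input type="hidden" name="date" value="{date_param}">'


def validate_date(date_param):
    """Return a date for well-formed YYYY-MM-DD input, else None.

    The regex rejects anything that is not exactly ten digits-and-dashes;
    fromisoformat then rejects impossible dates such as 2021-02-30.
    """
    if not DATE_RE.match(date_param):
        return None
    try:
        return date.fromisoformat(date_param)
    except ValueError:
        return None


def render_hardened(date_param):
    """Validate first, then encode: the raw request value never reaches the markup."""
    d = validate_date(date_param)
    if d is None:
        d = date.today()  # server-chosen fallback, never the attacker's string
    return f'<input type="hidden" name="date" value="{html.escape(d.isoformat(), quote=True)}">'


def render_title(stored_title):
    """Stored XSS defence for a free-text field: encode at output time."""
    return f"<h2>{html.escape(stored_title, quote=True)}</h2>"
```

`validate_date` is the check the advisories say was missing; `html.escape` is the second layer, so a field that legitimately holds free text (such as a news or project title) is still safe to display.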
CISA Alert: Top Routinely Exploited Vulnerabilities
On July 28, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a cybersecurity advisory detailing the top 30 publicly known vulnerabilities that have been routinely exploited by cyber threat actors in 2020 and 2021. Organizations are advised to prioritize and apply...
Tracking Amazon delivery staff
TL;DR: The Amazon delivery tracking API allows ultra-precise tracking of drivers. Amazon claims that customers can only track the driver for the 10 stops prior to theirs. This isn't the case: one can track the driver on the entire route and all drops, including their speed on the road. This preci...
Cross-site request forgery (CSRF)
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In Time Tracker before version 1.19.27.5431 a cross-site request forgery (CSRF) vulnerability existed. The nature of CSRF is that a logged-on user may be tricked by social engineering into clicking on an...
CVE-2021-29436 Cross-site request forgery vulnerability
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In Time Tracker before version 1.19.27.5431 a cross-site request forgery (CSRF) vulnerability existed. The nature of CSRF is that a logged-on user may be tricked by social engineering into clicking on an...
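Both Time Tracker CSRF entries above, and the Kimai entries at the top of this list, come down to the same missing check: a state-changing request is accepted because the browser attached the session cookie, with nothing proving the request was built by the site's own page. The block below is an added Python illustration, not Time Tracker's or Kimai's code; the in-memory session store, the `delete_record` action and the site origin are assumptions. It contrasts the cookie-only handler with one that checks the Origin header and a per-session synchronizer token in constant time:

```python
import hmac
import secrets

# Assumed site origin and a constructed in-memory session store.
SITE_ORIGIN = "https://tt.example.invalid"
SESSIONS = {}  # session id -> {"user", "csrf", "records"}


def login(user):
    """Create a session and mint a per-session CSRF token alongside it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32), "records": []}
    return sid


def csrf_token(sid):
    """What the site's own form embeds as a hidden field; a foreign page cannot read it."""
    return SESSIONS[sid]["csrf"]


def delete_record_vulnerable(sid, form):
    """Trusts the session cookie alone: any page the victim visits can submit this."""
    sess = SESSIONS[sid]
    sess["records"] = [r for r in sess["records"] if r != form["record"]]
    return True


def delete_record_hardened(sid, form, origin):
    """Reject the request unless it carries the session's own token (and a sane Origin)."""
    sess = SESSIONS[sid]
    # 1. If the browser sent an Origin header, it must be ours.
    if origin is not None and origin != SITE_ORIGIN:
        return False
    # 2. The synchronizer token must be present and match, compared in constant time.
    token = form.get("csrf", "")
    if not hmac.compare_digest(token.encode(), sess["csrf"].encode()):
        return False
    sess["records"] = [r for r in sess["records"] if r != form["record"]]
    return True


def demo():
    """Replay a forged cross-site POST against both handlers, then a legitimate one."""
    sid = login("alice")
    SESSIONS[sid]["records"] = ["t1", "t2"]
    forged = {"record": "t1"}  # attacker's page knows the record id but not the token
    vuln_deleted = delete_record_vulnerable(sid, forged)
    SESSIONS[sid]["records"] = ["t1", "t2"]
    forged_rejected = not delete_record_hardened(sid, forged, "https://attacker.example")
    # Even with a guessed token and a spoofed-looking Origin it still fails.
    guessed_rejected = not delete_record_hardened(
        sid, {"record": "t1", "csrf": secrets.token_urlsafe(32)}, SITE_ORIGIN)
    legit_ok = delete_record_hardened(
        sid, {"record": "t1", "csrf": csrf_token(sid)}, SITE_ORIGIN)
    return vuln_deleted, forged_rejected, guessed_rejected, legit_ok, SESSIONS[sid]["records"]
```

The token is bound to the session, so a fresh one per login suffices; rotating it per form is optional hardening. The Origin check is a cheap first line but cannot replace the token, because older clients and some request types omit the header.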
CVE-2021-21352
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In Time Tracker before version 1.19.24.5415, the tokens used by the password reset feature are based on system time and are therefore predictable. This opens a window for brute force attacks to guess...
CVE-2021-21352
Anuko Time Tracker (PHP) before version 1.19.24.5415 uses time-based tokens in the password-reset feature, enabling brute-force guessing to change user passwords (including admin). The issue is addressed in 1.19.24.5415 (better tokens) and further limited in 1.19.24.5416 with a reduced brute-forc...
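The CVE-2021-21352 entries above describe a reset token derived from system time. The added Python example below is not Time Tracker's code: the MD5-of-timestamp construction is a hypothetical stand-in for the weak scheme, and the attacker is assumed to know the request time to within a minute. It shows why such a token falls to a small search, and a replacement that issues CSPRNG tokens, stores only their hash, expires them, makes them single-use and caps verification attempts, in the spirit of the reduced brute-force window mentioned for 1.19.24.5416:

```python
import hashlib
import hmac
import secrets
import time


def weak_reset_token(issued_at):
    """Hypothetical weak scheme: a deterministic function of the issue second."""
    return hashlib.md5(str(int(issued_at)).encode()).hexdigest()


def guess_weak_token(approx_time, window_seconds, oracle):
    """Attacker: try every second within +/- window of the estimated issue time.

    `oracle(candidate)` stands in for the reset endpoint saying yes or no.
    Returns (token or None, number of attempts used).
    """
    base = int(approx_time)
    attempts = 0
    for offset in range(-window_seconds, window_seconds + 1):
        attempts += 1
        candidate = weak_reset_token(base + offset)
        if oracle(candidate):
            return candidate, attempts
    return None, attempts


def demo_weak():
    """Constructed timeline: token issued at T, attacker guesses T to within 37 s."""
    issued = 1_700_000_000.0
    real = weak_reset_token(issued)
    found, attempts = guess_weak_token(
        issued + 37, 60, lambda c: hmac.compare_digest(c, real))
    return found == real, attempts


class ResetTokens:
    """Unguessable tokens: 256 CSPRNG bits, stored hashed, expiring, single-use, attempt-limited."""

    TTL = 900           # seconds a token stays valid
    MAX_ATTEMPTS = 5    # wrong guesses before the pending reset is discarded

    def __init__(self):
        self._pending = {}  # user -> [sha256(token), expiry, attempts]

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._pending[user] = [hashlib.sha256(token.encode()).digest(), now + self.TTL, 0]
        return token  # sent to the user once; only its hash is kept

    def redeem(self, user, token, now=None):
        now = time.time() if now is None else now
        entry = self._pending.get(user)
        if entry is None or now > entry[1]:
            return False
        entry[2] += 1
        if entry[2] > self.MAX_ATTEMPTS:
            del self._pending[user]  # lock out: a fresh reset must be requested
            return False
        if not hmac.compare_digest(hashlib.sha256(token.encode()).digest(), entry[0]):
            return False
        del self._pending[user]      # single use
        return True
```

With a 60-second uncertainty the weak token is recovered in at most 121 guesses; with `ResetTokens` the search space is 2^256 and the attempt cap ends it after five tries regardless.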
WindowHistory Tool
Created Date: 03/22/2006 Updated Date: 09/29/2017 Where to download? Certain legacy Citrix tools are now available on request only. Please submit the request here: https://forms.gle/obA39PEz5qpDiSPq8 Once we verify your request, we will provide access to the download location. Navigate to your...
Timewarrior - Commandline Time Reporting
Timewarrior is a time tracking utility that offers simple stopwatch features as well as sophisticated calendar-based backfill, along with flexible reporting. It is a portable, well supported and very active Open Source project. Installing From Package Thanks to the community, there are binary...
PT-2020-13460 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1.2, GitLab versions prior to 13.0.8, GitLab versions prior to 12.10.13. Description: An issue has been discovered in GitLab where a missing permission check allows adding time spent on an issue. Recommendations: For...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Missing Permission Check on Time Tracking; Cross-Site Scripting in PyPi Files API; Insecure Authorization Check on Private Project Security Dashboard; Cross-Site Scripting in References; Cross-Site Scripting in Group Names; Cross-Site Scripting in Blob Viewer; Cross-Site Scripting in...
DroidTracker - Script To Generate An Android App To Track Location In Real Time
Script to generate an Android app to track location in real time. Features: custom app name; 2 port forwarding options, Ngrok or SSH tunneling with Serveo.net; URL obfuscated by Tinyurl; fully undetectable. Legal disclaimer: Usage of DroidTracker for attacking targets without prior mutual consent...
Lojack’d: Pwning Smart vehicle trackers
This research is by @evstykas with help from @Yekki1 and @TheKenMunroShow. Many car insurers insist that smart trackers are fitted to high end vehicles. In the event of theft, the car can be tracked and recovered. Probably the most well-known is LoJack, also known as Tracker in Europe. We also...
Gone in six seconds? Exploiting car alarms
Key relay attacks against keyless entry vehicles are well known. Many 3rd party car alarm vendors market themselves as solutions to this. We have shown that fitting these alarms can make your vehicle EVEN LESS SECURE! These alarms can expose you to hijack, may allow your engine to be stopped whil...