41 matches found
EUVD-2025-206091
Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version...
CVE-2025-69288 Titra has Remote Code Execution in Admin Functionality
Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version...
CVE-2025-69288 Titra has Remote Code Execution in Admin Functionality
Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version...
CVE-2025-69288
CVE-2025-69288 affects Titra open source time-tracking software. Before version 0.99.49, an authenticated Admin can modify the timeEntryRule in the database, which is then passed to a NodeVM to execute as code, enabling Remote Code Execution. The issue is fixed in 0.99.49. Documents also referenc...
PT-2025-54470
Name of the Vulnerable Software and Affected Versions Titra versions prior to 0.99.49 Description Titra is open source project time tracking software. Prior to version 0.99.49, authenticated Admin users can modify the timeEntryRule value in the database. This value is then passed to a NodeVM valu...
Eigenfocus 代码注入漏洞
Eigenfocus is a project management, planning software from Eigenfocus open source. A code injection vulnerability exists in Eigenfocus 1.4.0 and earlier versions, which stems from incorrect manipulation of the parameter entry.description/timeentry.description, and could lead to a cross-site...
EUVD-2017-7028
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-15576
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...
SUSE CVE-2017-15576
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...
DEBIAN-CVE-2020-36308
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries...
Information disclosure
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...
CVE-2017-15576
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...
UBUNTU-CVE-2017-15576
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...
CVE-2017-15576
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...
DEBIAN-CVE-2017-15576
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...
CVE-2017-15576
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...
CVE-2017-15576
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...
CVE-2017-15576
CVE-2017-15576 affects Redmine before 3.2.6 and 3.3.x before 3.3.3. The issue arises from mishandling Time Entry rendering in activity views, enabling remote disclosure of sensitive information. The vulnerability is labeled as information disclosure with CVSSv3 base score 7.5 (NETWORK, LOW attack...
CVE-2017-15576
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a 1 note added to a time entry or an 2 activity used to categorize time tracker entri...