Lucene search
+L

180 matches found

OSV
OSV
added 2019/07/23 3:15 p.m.2 views

CVE-2019-12162

Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe...

7.8CVSS6.2AI score
Exploits0References2
NVD
NVD
added 2019/07/23 3:15 p.m.17 views

CVE-2019-12162

Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe...

7.8CVSS8AI score0.00259EPSS
Exploits0References2
Prion
Prion
added 2019/07/23 3:15 p.m.19 views

Privilege escalation

Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe...

4.6CVSS8AI score0.00259EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/07/23 2:7 p.m.49 views

CVE-2019-12162

CVE-2019-12162 affects Upwork Time Tracker 5.2.2.716. The issue is that the updater does not verify the SHA256 hash of the downloaded program update before execution, which could allow replacement of update.exe and result in code execution or local privilege escalation. Documents confirm the desc...

7.8CVSS7.9AI score0.00259EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/07/23 2:7 p.m.25 views

CVE-2019-12162

Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe...

8AI score0.00259EPSS
Exploits0References2
hackapp
hackapp
added 2016/04/01 9:22 a.m.7 views

Time Tracker - Timesheet - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities

HackApp vulnerability scanner discovered that application Time Tracker - Timesheet published at the 'play' market has multiple vulnerabilities...

0.5AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 8:51 a.m.20 views

Timesheet - Work Time Tracker - Dangerous filesystem permissions, Dynamic Code Loading, External URLs vulnerabilities

HackApp vulnerability scanner discovered that application Timesheet - Work Time Tracker published at the 'play' market has multiple vulnerabilities...

0.3AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 8:47 a.m.106 views

Toggl Time Tracker - Dangerous filesystem permissions, Exported components, External URLs vulnerabilities

HackApp vulnerability scanner discovered that application Toggl Time Tracker published at the 'play' market has multiple vulnerabilities...

0.3AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.19 views

Fedora 22 : hamster-time-tracker-2.0-0.3.rc1.fc22 (2016-c97f297cd6)

add upstream patches for GNOME 3.18 - workaround for a segfault in glib/gio - prevent warnings with introspection - rhbz1074967 - rhbz1307256 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

5.4AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.15 views

Fedora 23 : hamster-time-tracker-2.0-0.3.rc1.fc23 (2016-7d556fdafa)

add upstream patches for GNOME 3.18 - workaround for a segfault in glib/gio - prevent warnings with introspection - rhbz1074967 - rhbz1307256 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

5.4AI score
Exploits0References3
OpenVAS
OpenVAS
added 2016/02/18 12:0 a.m.14 views

Fedora Update for hamster-time-tracker FEDORA-2016-7

Check the version of hamster-time-tracker SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.807297"...

7.3AI score
Exploits0References2
CNVD
CNVD
added 2015/09/06 12:0 a.m.5 views

Drupal Time Tracker module cross-site scripting vulnerability (CNVD-2015-05876)

Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community.Time Tracker is one of the modules of the time tracking system. A cross-site scripting vulnerability exists in the Drupal Time Tracker module version 7.x-1.4 prior to 7.x-1.x. The...

3.5CVSS6.2AI score0.01412EPSS
Exploits0References1
NVD
NVD
added 2015/08/31 6:59 p.m.17 views

CVE-2015-6751

Multiple cross-site scripting XSS vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a 1 note added to a time entry or an 2 activity used to categorize time tracker entri...

3.5CVSS5.4AI score0.01412EPSS
Exploits0References3
Prion
Prion
added 2015/08/31 6:59 p.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a 1 note added to a time entry or an 2 activity used to categorize time tracker entri...

3.5CVSS5.6AI score0.01412EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2015/08/31 6:0 p.m.20 views

CVE-2015-6751

Multiple cross-site scripting XSS vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a 1 note added to a time entry or an 2 activity used to categorize time tracker entri...

5.4AI score0.01412EPSS
Exploits0References3
CVE
CVE
added 2015/08/31 6:0 p.m.33 views

CVE-2015-6751

Summary: Drupal’s Time Tracker module (7.x-1.x) is vulnerable before 7.x-1.4 due to two XSS flaws: injecting arbitrary script/HTML via a time-entry note or via a time-tracker activity field. Root cause: insufficient input filtering on time entry notes and on the activity used to categorize entrie...

3.5CVSS5.4AI score0.01412EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2015/08/14 12:0 a.m.3 views

Multiple Cross-Site Scripting Vulnerabilities in Drupal Time Tracker Module

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Time Tracker is one of the time tracking system modules. The Drupal Time Tracker module has multiple cross-site scripting vulnerabilities that can be exploited by attackers to cause the...

7.1AI score
Exploits0References1
CNVD
CNVD
added 2015/07/30 12:0 a.m.2 views

Drupal Time Tracker Module Cross-Site Scripting Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Time Tracker is one of the time tracking system modules. A cross-site scripting vulnerability exists in the Drupal Time Tracker module, which stems from the program's failure to...

6.8AI score
Exploits0References1
ThreatPost
ThreatPost
added 2015/07/23 1:27 p.m.8 views

Several Critical Flaws Patched in Drupal Module

There are several critical vulnerabilities in a middleware layer used in Drupal, including both cross-site scripting and cross-site request forgery bugs, that can be exploited remotely. The vulnerabilities are in the Open Semantic Framework, which is a third-party project and not part of the Drup...

1.2AI score
Exploits0References2
Drupal
Drupal
added 2015/07/22 12:0 a.m.18 views

Time Tracker - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-135

This module enables you to track time on entities and comments. The module doesn't sufficiently filter notes added to time entries, leading to an XSS/JavaScript injection vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Add Time...

3.5CVSS6.7AI score0.01412EPSS
Exploits0References9
Rows per page
Query Builder