180 matches found
CVE-2019-12162
Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe...
CVE-2019-12162
Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe...
Privilege escalation
Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe...
CVE-2019-12162
CVE-2019-12162 affects Upwork Time Tracker 5.2.2.716. The issue is that the updater does not verify the SHA256 hash of the downloaded program update before execution, which could allow replacement of update.exe and result in code execution or local privilege escalation. Documents confirm the desc...
CVE-2019-12162
Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe...
Time Tracker - Timesheet - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application Time Tracker - Timesheet published at the 'play' market has multiple vulnerabilities...
Timesheet - Work Time Tracker - Dangerous filesystem permissions, Dynamic Code Loading, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application Timesheet - Work Time Tracker published at the 'play' market has multiple vulnerabilities...
Toggl Time Tracker - Dangerous filesystem permissions, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application Toggl Time Tracker published at the 'play' market has multiple vulnerabilities...
Fedora 22 : hamster-time-tracker-2.0-0.3.rc1.fc22 (2016-c97f297cd6)
add upstream patches for GNOME 3.18 - workaround for a segfault in glib/gio - prevent warnings with introspection - rhbz1074967 - rhbz1307256 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
Fedora 23 : hamster-time-tracker-2.0-0.3.rc1.fc23 (2016-7d556fdafa)
add upstream patches for GNOME 3.18 - workaround for a segfault in glib/gio - prevent warnings with introspection - rhbz1074967 - rhbz1307256 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
Fedora Update for hamster-time-tracker FEDORA-2016-7
Check the version of hamster-time-tracker SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.807297"...
Drupal Time Tracker module cross-site scripting vulnerability (CNVD-2015-05876)
Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community.Time Tracker is one of the modules of the time tracking system. A cross-site scripting vulnerability exists in the Drupal Time Tracker module version 7.x-1.4 prior to 7.x-1.x. The...
CVE-2015-6751
Multiple cross-site scripting XSS vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a 1 note added to a time entry or an 2 activity used to categorize time tracker entri...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a 1 note added to a time entry or an 2 activity used to categorize time tracker entri...
CVE-2015-6751
Multiple cross-site scripting XSS vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a 1 note added to a time entry or an 2 activity used to categorize time tracker entri...
CVE-2015-6751
Summary: Drupal’s Time Tracker module (7.x-1.x) is vulnerable before 7.x-1.4 due to two XSS flaws: injecting arbitrary script/HTML via a time-entry note or via a time-tracker activity field. Root cause: insufficient input filtering on time entry notes and on the activity used to categorize entrie...
Multiple Cross-Site Scripting Vulnerabilities in Drupal Time Tracker Module
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Time Tracker is one of the time tracking system modules. The Drupal Time Tracker module has multiple cross-site scripting vulnerabilities that can be exploited by attackers to cause the...
Drupal Time Tracker Module Cross-Site Scripting Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Time Tracker is one of the time tracking system modules. A cross-site scripting vulnerability exists in the Drupal Time Tracker module, which stems from the program's failure to...
Several Critical Flaws Patched in Drupal Module
There are several critical vulnerabilities in a middleware layer used in Drupal, including both cross-site scripting and cross-site request forgery bugs, that can be exploited remotely. The vulnerabilities are in the Open Semantic Framework, which is a third-party project and not part of the Drup...
Time Tracker - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-135
This module enables you to track time on entities and comments. The module doesn't sufficiently filter notes added to time entries, leading to an XSS/JavaScript injection vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Add Time...