64 matches found
CVE-2010-0122
Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php...
CVE-2010-0124
Employee Timeclock Software 0.99 places the database password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process...
CVE-2010-0123
The database backup implementation in Employee Timeclock Software 0.99 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a "semi-predictable file name."...
SQL injection
Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php...
Command injection
Employee Timeclock Software 0.99 places the database password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process...
CVE-2010-0124
CVE-2010-0124 affects Employee Timeclock Software 0.99, where the database password is exposed on the mysqldump command line. Local users can reveal the password by listing the running process, leading to potential sensitive-data disclosure. The vulnerability arises from credential exposure in co...
CVE-2010-0123
The CVE-2010-0123 issue affects Employee Timeclock Software 0.99, where the backup database is stored under the web root with insufficient access control. This enables remote attackers to download the database by directly requesting a semi-predictable file name. The vulnerability stems from insec...
CVE-2010-0122
CVE-2010-0122 affects Employee Timeclock Software 0.99, where input passed to username and password parameters in auth.php and login_action.php is not properly sanitized, allowing remote SQL injection. This leads to arbitrary SQL execution and data manipulation as described in Secunia/NT referenc...
Secunia Research: Employee Timeclock Software "mysqldump" Password Disclosure
Secunia Research 10/03/2010 - Employee Timeclock Software "mysqldump" Password Disclosure - Table of Contents Affected...
Secunia Research: Employee Timeclock Software SQL Injection Vulnerabilities
Secunia Research 10/03/2010 - Employee Timeclock Software SQL Injection Vulnerabilities - Table of Contents Affected...
Secunia Research: Employee Timeclock Software Backup Information Disclosure
Secunia Research 10/03/2010 - Employee Timeclock Software Backup Information Disclosure - Table of Contents Affected...
Employee TimeClock Software 0.99 - SQL Injection
Employee TimeClock Software 0.99 - SQL Injection source: http://www.securityfocus.com/archive/1/509995 Secunia Research 10/03/2010 - Employee Timeclock Software SQL Injection Vulnerabilities -...
Employee TimeClock Software 0.99 - SQL Injection
source: http://www.securityfocus.com/archive/1/509995 Secunia Research 10/03/2010 - Employee Timeclock Software SQL Injection Vulnerabilities - Table of...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in add_user.php in Employee Timeclock Software 0.99 allows remote attackers to hijack the authentication of an administrator for requests that create new administrative users. NOTE: some of these details are obtained from third party information...
CVE-2010-0707
Cross-site request forgery (CSRF) vulnerability in add_user.php in Employee Timeclock Software 0.99 allows remote attackers to hijack the authentication of an administrator for requests that create new administrative users. NOTE: some of these details are obtained from third party information...
CVE-2010-0707
CVE-2010-0707: CSRF in Employee Timeclock Software 0.99 (add_user.php) allows remote attackers to hijack an administrator’s session and create new administrative users. Root cause is CSRF vulnerability on admin-account creation requests; impact is unauthorized admin account creation as described....