7 matches found
EUVD-2015-4693
Malware in sbrugna...
biz30.timedoctor.com Cross Site Scripting vulnerability OBB-2138487
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Code injection
The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file...
CVE-2015-4674
The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file...
CVE-2015-4674
The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file...
CVE-2015-4674
The CVE relates to TimeDoctor Pro (Windows) 1.4.72.3, where the autoupdate mechanism relies on unsigned installer files fetched without SSL, enabling potential MITM manipulation to run arbitrary code. This describes a supply-chain/update integrity flaw in the autoupdate component, with the underl...
TimeDoctor Secure Bypass Arbitrary Code Execution Vulnerability
TimeDoctor is a professional version of time tracking and management software. A security bypass vulnerability exists in TimeDoctor that allows remote attackers to execute arbitrary code via a man-in-the-middle attack...