Lucene search
K
Timeclock-softwareEmployee Timeclock Software

4 matches found

CVE
CVE
added 2010/03/12 8:0 p.m.71 views

CVE-2010-0122

CVE-2010-0122 affects Employee Timeclock Software 0.99, where input passed to username and password parameters in auth.php and login_action.php is not properly sanitized, allowing remote SQL injection. This leads to arbitrary SQL execution and data manipulation as described in Secunia/NT referenc...

7.5CVSS8.8AI score0.02312EPSS
CVE
CVE
added 2010/03/12 8:0 p.m.55 views

CVE-2010-0123

The CVE-2010-0123 issue affects Employee Timeclock Software 0.99, where the backup database is stored under the web root with insufficient access control. This enables remote attackers to download the database by directly requesting a semi-predictable file name. The vulnerability stems from insec...

5CVSS6.5AI score0.01256EPSS
CVE
CVE
added 2010/03/12 8:0 p.m.46 views

CVE-2010-0124

CVE-2010-0124 affects Employee Timeclock Software 0.99, where the database password is exposed on the mysqldump command line. Local users can reveal the password by listing the running process, leading to potential sensitive-data disclosure. The vulnerability arises from credential exposure in co...

2.1CVSS6.2AI score0.00367EPSS
CVE
CVE
added 2010/02/25 6:3 p.m.39 views

CVE-2010-0707

CVE-2010-0707: CSRF in Employee Timeclock Software 0.99 (add_user.php) allows remote attackers to hijack an administrator’s session and create new administrative users. Root cause is CSRF vulnerability on admin-account creation requests; impact is unauthorized admin account creation as described....

6.8CVSS7.4AI score0.00954EPSS