4 matches found
CVE-2010-0122
CVE-2010-0122 affects Employee Timeclock Software 0.99, where input passed to username and password parameters in auth.php and login_action.php is not properly sanitized, allowing remote SQL injection. This leads to arbitrary SQL execution and data manipulation as described in Secunia/NT referenc...
CVE-2010-0123
The CVE-2010-0123 issue affects Employee Timeclock Software 0.99, where the backup database is stored under the web root with insufficient access control. This enables remote attackers to download the database by directly requesting a semi-predictable file name. The vulnerability stems from insec...
CVE-2010-0124
CVE-2010-0124 affects Employee Timeclock Software 0.99, where the database password is exposed on the mysqldump command line. Local users can reveal the password by listing the running process, leading to potential sensitive-data disclosure. The vulnerability arises from credential exposure in co...
CVE-2010-0707
CVE-2010-0707: CSRF in Employee Timeclock Software 0.99 (add_user.php) allows remote attackers to hijack an administrator’s session and create new administrative users. Root cause is CSRF vulnerability on admin-account creation requests; impact is unauthorized admin account creation as described....