Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
anuko time tracker vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-32066
Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such s...
Anuko Time Tracker
578
VMScore
CVE-2021-43851
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the "group" and "status" parameters in ...
Anuko Time Tracker
NA
CVE-2023-32306
Time Tracker is an open source time tracking system. A time-based blind injection vulnerability existed in Time Tracker reports in versions before 1.22.13.5792. This was happening because the `reports.php` page was not validating all parameters in POST requests. Because some para...
Anuko Time Tracker
445
VMScore
CVE-2021-21352
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In TimeTracker before version 1.19.24.5415 tokens used in password reset feature in Time Tracker are based on system time and, therefore, are predictable. This opens a window for brute force...
Anuko Time Tracker
578
VMScore
CVE-2022-24707
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in Time Tracker Puncher plugin in versions of anuko timetracker before 1.20.0.5642. This was happening because the ...
Anuko Time Tracker
1 Github repository
312
VMScore
CVE-2022-24708
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. ttUser.class.php in Time Tracker versions before 1.20.0.5646 was not escaping primary group name for display. Because of that, it was possible for a logged in user to modify primary group na...
Anuko Time Tracker
NA
CVE-2023-32308
anuko timetracker is an open source time tracking system. Boolean-based blind SQL injection vulnerability existed in Time Tracker invoices.php in versions before 1.22.11.5781. This was happening because of a coding error after validating parameters in POST requests. There was no ...
Anuko Time Tracker
534
VMScore
CVE-2020-15255
In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign). This is fixed in version 1.19.23...
Anuko Time Tracker
383
VMScore
CVE-2021-41139
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. When a logged on user selects a date in Time Tracker, it is being passed on via the date parameter in URI. Because of not checking this parameter for sanity in versions before 1.19.30.5600, ...
Anuko Time Tracker
668
VMScore
CVE-2020-27422
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an malicious user to use the same link to takeover the account.
Anuko Time Tracker
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »