CVE-2006-0691 Information

Description

edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct which allows remote attackers to overwrite arbitrary data belonging to any account.

Reference

http://secunia.com/advisories/18854 http://www.evuln.com/vulns/69/summary.html http://www.securityfocus.com/archive/1/425505/100/0/threaded http://www.securityfocus.com/bid/16630 http://www.securityfocus.com/bid/16731 http://www.vupen.com/english/advisories/2006/0524 https://exchange.xforce.ibmcloud.com/vulnerabilities/24570