Employee Timeclock Software 0.99 places the database password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.Referenceshttp://www.securityfocus.com/archive/1/509996/100/0/threadedhttp://secunia.com/advisories/38739http://secunia.com/secunia_research/2010-12/http://www.osvdb.org/62830https://exchange.xforce.ibmcloud.com/vulnerabilities/56800http://www.securityfocus.com/bid/38642
