actiTIME 2015.2 suffers from multiple security vulnerabilities including open redirection, HTTP response splitting, and unquoted service path elevation of privilege.