CVE-2014-1217
N/A
N/A
Summary
Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1217/
- http://www.securityfocus.com/archive/1/531911/100/0/threaded
- http://www.securityfocus.com/bid/67043
- http://seclists.org/fulldisclosure/2014/Apr/259
References
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1217/
- http://www.securityfocus.com/archive/1/531911/100/0/threaded
- http://www.securityfocus.com/bid/67043
- http://seclists.org/fulldisclosure/2014/Apr/259
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.