Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
inventivetec mediacast vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2010-0216
authenticate_ad_setup_finished.cfm in MediaCAST 8 and previous versions allows remote malicious users to discover usernames and cleartext passwords by reading the error messages returned for requests that use the UserID parameter.
Inventivetec Mediacast
NA
CVE-2011-2076
MediaCAST 8 and previous versions stores passwords in cleartext, which makes it easier for context-dependent malicious users to obtain sensitive information by reading an unspecified password data store, a different vulnerability than CVE-2010-0216.
Inventivetec Mediacast
NA
CVE-2011-2077
The default configuration of the New Atlanta BlueDragon administrative interface in MediaCAST 8 and previous versions enables external TCP connections to port 10000, instead of connections only from 127.0.0.1, which makes it easier for remote malicious users to have an unspecifie...
Inventivetec Mediacast
NA
CVE-2011-2078
Multiple cross-site scripting (XSS) vulnerabilities in the New Atlanta BlueDragon administrative interface in MediaCAST 8 and previous versions allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Inventivetec Mediacast
NA
CVE-2011-2079
MediaCAST 8 and previous versions allows remote malicious users to have an unspecified impact via a (1) CP_RIGHTSOURCE or (2) bdclient_Inventive cookie to the default URI under inventivex/managetraining/, related to an "XML injection" issue.
Inventivetec Mediacast
NA
CVE-2011-2080
Multiple SQL injection vulnerabilities in MediaCAST 8 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) a CP_ENLARGESTYLE cookie to the default URI under inventivex/managetraining/ or (2) unspecified input to authenticate_ad_setup_finish...
Inventivetec Mediacast
NA
CVE-2011-2081
MediaCAST 8 and previous versions does not properly handle requests for inventivex/isptools/release/metadata/globalIncludeFolders.txt, which allows remote malicious users to obtain sensitive information via unspecified vectors related to the Public/ directory tree.
Inventivetec Mediacast
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started