Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
inventivetec mediacast vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2010-0216
authenticate_ad_setup_finished.cfm in MediaCAST 8 and previous versions allows remote malicious users to discover usernames and cleartext passwords by reading the error messages returned for requests that use the UserID parameter.
Inventivetec Mediacast
5
CVSSv2
CVE-2011-2076
MediaCAST 8 and previous versions stores passwords in cleartext, which makes it easier for context-dependent malicious users to obtain sensitive information by reading an unspecified password data store, a different vulnerability than CVE-2010-0216.
Inventivetec Mediacast
7.5
CVSSv2
CVE-2011-2077
The default configuration of the New Atlanta BlueDragon administrative interface in MediaCAST 8 and previous versions enables external TCP connections to port 10000, instead of connections only from 127.0.0.1, which makes it easier for remote malicious users to have an unspecifie...
Inventivetec Mediacast
4.3
CVSSv2
CVE-2011-2078
Multiple cross-site scripting (XSS) vulnerabilities in the New Atlanta BlueDragon administrative interface in MediaCAST 8 and previous versions allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Inventivetec Mediacast
7.5
CVSSv2
CVE-2011-2079
MediaCAST 8 and previous versions allows remote malicious users to have an unspecified impact via a (1) CP_RIGHTSOURCE or (2) bdclient_Inventive cookie to the default URI under inventivex/managetraining/, related to an "XML injection" issue.
Inventivetec Mediacast
7.5
CVSSv2
CVE-2011-2080
Multiple SQL injection vulnerabilities in MediaCAST 8 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) a CP_ENLARGESTYLE cookie to the default URI under inventivex/managetraining/ or (2) unspecified input to authenticate_ad_setup_finish...
Inventivetec Mediacast
5
CVSSv2
CVE-2011-2081
MediaCAST 8 and previous versions does not properly handle requests for inventivex/isptools/release/metadata/globalIncludeFolders.txt, which allows remote malicious users to obtain sensitive information via unspecified vectors related to the Public/ directory tree.
Inventivetec Mediacast
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started