Livetecs Timelive prior to 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote malicious users to change configurations and obtain the database connection string and credentials via unspecified vectors.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
livetecs timeline 6.2.4 |
||
livetecs timeline 6.2.3 |
||
livetecs timeline 3.8.1 |
||
livetecs timeline 3.7.1 |
||
livetecs timeline 3.0.1 |
||
livetecs timeline 2.94 |
||
livetecs timeline 6.2.71 |
||
livetecs timeline 5.2.1 |
||
livetecs timeline 4.9.1 |
||
livetecs timeline 3.2.1 |
||
livetecs timeline 3.1.1 |
||
livetecs timeline 6.2.1 |
||
livetecs timeline 6.0.1 |
||
livetecs timeline 3.6.1 |
||
livetecs timeline 3.5.1 |
||
livetecs timeline 2.91 |
||
livetecs timeline 2.81 |
||
livetecs timeline 6.2.7 |
||
livetecs timeline 6.2.6 |
||
livetecs timeline 7.1.1 |
||
livetecs timeline 4.3.1 |
||
livetecs timeline 4.2.1 |
||
livetecs timeline 3.0.5 |
||
livetecs timeline 3.0.3 |
Vulmon