← Retour aux CVEs
CVE-2014-1217
N/ADescription
Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors.
Details CVE
Score CVSS v3.1N/A
Publie4/28/2014
Derniere modification4/12/2025
Sourcenvd
Observations honeypot0
Produits affectes
livetecs:timeline
Faiblesses (CWE)
CWE-264
References
http://seclists.org/fulldisclosure/2014/Apr/259(cve@mitre.org)
http://www.securityfocus.com/archive/1/531911/100/0/threaded(cve@mitre.org)
http://www.securityfocus.com/bid/67043(cve@mitre.org)
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1217/(cve@mitre.org)
http://seclists.org/fulldisclosure/2014/Apr/259(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/531911/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/67043(af854a3a-2127-422b-91ae-364da2661108)
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1217/(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.