2 matches found
CVE-2014-1217
Livetecs Timelive prior to version 6.2.8 has an unauthenticated access flaw in systemsetting.aspx that enables remote attackers to alter configurations and disclose the database connection string and credentials. The vulnerability affects Timelive 6.2.71 and similar build variants; fixed in 6.2.8...
CVE-2014-2042
CVE-2014-2042 affects Livetecs Timelive; unrestricted file upload in the Manage Project functionality (Uploads/) enables remote code execution. Affected: Timelive up to version 6.2.71. Root cause: lack of file-type restrictions and permissive Read/Execute on uploaded files. Impact: potential arbi...