2 matches found
CVE-2018-18930
The CVE-2018-18930 entry describes an arbitrary file upload vulnerability in Tightrope Media Carousel (7.0.4.104) within the Manage Bulletins/Upload feature. An authenticated attacker can craft a ZIP (based on an exported Bulletin backup) containing a malicious file; the system only checks for re...
CVE-2018-18931
CVE-2018-18931 affects Tightrope Media Carousel (v7.0.4.104). The issue arises from insecure default permissions on C:\TRMS\Services, enabling an attacker with system access to replace Carousel.Service.exe with a malicious executable. This independent service can be manipulated without affecting ...