Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Timeline | Livetecs | 4.3.1 | 4.3.1 |
Timeline | Livetecs | 3.8.1 | 3.8.1 |
Timeline | Livetecs | 7.1.1 | 7.1.1 |
Timeline | Livetecs | 4.9.1 | 4.9.1 |
Timeline | Livetecs | 5.2.1 | 5.2.1 |
Timeline | Livetecs | 6.2.4 | 6.2.4 |
Timeline | Livetecs | 3.5.1 | 3.5.1 |
Timeline | Livetecs | 3.6.1 | 3.6.1 |
Timeline | Livetecs | 6.2.3 | 6.2.3 |
Timeline | Livetecs | 3.7.1 | 3.7.1 |
Timeline | Livetecs | 3.0.1 | 3.0.1 |
Timeline | Livetecs | 6.2.6 | 6.2.6 |
Timeline | Livetecs | 4.2.1 | 4.2.1 |
Timeline | Livetecs | 2.81 | 2.81 |
Timeline | Livetecs | 2.94 | 2.94 |
Timeline | Livetecs | 6.2.71 | 6.2.71 |
Timeline | Livetecs | 3.1.1 | 3.1.1 |
Timeline | Livetecs | 6.2.1 | 6.2.1 |
Timeline | Livetecs | 2.91 | 2.91 |
Timeline | Livetecs | 3.2.1 | 3.2.1 |
Timeline | Livetecs | 6.0.1 | 6.0.1 |
Timeline | Livetecs | 6.2.7 | 6.2.7 |
Timeline | Livetecs | 3.0.3 | 3.0.3 |
Timeline | Livetecs | 3.0.5 | 3.0.5 |