CVE-2014-1217
Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0059 (0.6%)
Percentil: 69.1%
EPSS: 2026-05-06
Afecta
livetecs:timelineDescripción técnica
Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors.
Publicada: 28/4/2014, 14:09:06
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://seclists.org/fulldisclosure/2014/Apr/259
- http://www.securityfocus.com/archive/1/531911/100/0/threaded
- http://www.securityfocus.com/bid/67043
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1217/
- http://seclists.org/fulldisclosure/2014/Apr/259
- http://www.securityfocus.com/archive/1/531911/100/0/threaded
- http://www.securityfocus.com/bid/67043
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1217/