Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2014-2042
Last Modified 29 Apr 2014 08:18:50
Published 28 Apr 2014 10:09:06
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-2042

Summary

Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a predictable directory in Uploads/.

Vulnerable Systems

Application

  • Livetecs Timelive 2.81

  • Livetecs Timelive 2.91

  • Livetecs Timelive 2.94

  • Livetecs Timelive 3.0.1

  • Livetecs Timelive 3.0.3

  • Livetecs Timelive 3.0.5

  • Livetecs Timelive 3.1.1

  • Livetecs Timelive 3.2.1

  • Livetecs Timelive 3.5.1

  • Livetecs Timelive 3.6.1

  • Livetecs Timelive 3.7.1

  • Livetecs Timelive 3.8.1

  • Livetecs Timelive 4.2.1

  • Livetecs Timelive 4.3.1

  • Livetecs Timelive 4.9.1

  • Livetecs Timelive 5.2.1

  • Livetecs Timelive 6.0.1

  • Livetecs Timelive 6.2.1

  • Livetecs Timelive 6.2.3

  • Livetecs Timelive 6.2.4

  • Livetecs Timelive 6.2.6

  • Livetecs Timelive 6.2.7

  • Livetecs Timelive 6.2.71

  • Livetecs Timelive 6.2.8


References

BUGTRAQ - 20140423 CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive


Last Updated: 27 May 2016 11:05:06