CVE-2014-1217 Information

Description

Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors.

Reference

http://seclists.org/fulldisclosure/2014/Apr/259 http://www.securityfocus.com/archive/1/531911/100/0/threaded http://www.securityfocus.com/bid/67043 https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1217/