Vulnerabilities > CVE-2014-2042 - Arbitrary File Upload vulnerability in Livetecs Timelive

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

livetecs

NVD

Published: 2014-04-28

Updated: 2018-10-09

Summary

Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a predictable directory in Uploads/. Per: http://cwe.mitre.org/data/definitions/434.html "CWE-434: Unrestricted Upload of File with Dangerous Type"

Vulnerable Configurations

Part	Description	Count
Application	Livetecs Livetecs Timeline 2.81 Livetecs Timeline 2.91 Livetecs Timeline 2.94 Livetecs Timeline 3.0.1 Livetecs Timeline 3.0.3 Livetecs Timeline 3.0.5 Livetecs Timeline 3.1.1 Livetecs Timeline 3.2.1 Livetecs Timeline 3.5.1 Livetecs Timeline 3.6.1 Livetecs Timeline 3.7.1 Livetecs Timeline 3.8.1 Livetecs Timeline 4.2.1 Livetecs Timeline 4.3.1 Livetecs Timeline 4.9.1 Livetecs Timeline 5.2.1 Livetecs Timeline 6.0.1 Livetecs Timeline 6.2.1 Livetecs Timeline 6.2.3 Livetecs Timeline 6.2.4 Livetecs Timeline 6.2.6 Livetecs Timeline 6.2.7 Livetecs Timeline 6.2.8 Livetecs Timeline 6.2.71	24

Packetstorm

data source	https://packetstormsecurity.com/files/download/126293/livetecstimelive-upload.txt
id	PACKETSTORM:126293
last seen	2016-12-05
published	2014-04-23
reporter	Richard Hatch
source	https://packetstormsecurity.com/files/126293/Livetecs-Timelive-6.2.71-Unauthenticated-File-Upload.html
title	Livetecs Timelive 6.2.71 Unauthenticated File Upload

Summary

Vulnerable Configurations

Packetstorm

References