Shodan
Vulnerabilities
Vulnerable Software
Inventivetec:  Security Vulnerabilities
CVE-2011-2076
MediaCAST 8 and earlier stores passwords in cleartext, which makes it easier for context-dependent attackers to obtain sensitive information by reading an unspecified password data store, a different vulnerability than CVE-2010-0216.
CVSS Score
5.0
EPSS Score
0.003
Published
2011-05-10
CVE-2011-2077
The default configuration of the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier enables external TCP connections to port 10000, instead of connections only from 127.0.0.1, which makes it easier for remote attackers to have an unspecified impact via a TCP session.
CVSS Score
7.5
EPSS Score
0.005
Published
2011-05-10
CVE-2011-2078
Multiple cross-site scripting (XSS) vulnerabilities in the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.002
Published
2011-05-10
CVE-2011-2079
MediaCAST 8 and earlier allows remote attackers to have an unspecified impact via a (1) CP_RIGHTSOURCE or (2) bdclient_Inventive cookie to the default URI under inventivex/managetraining/, related to an "XML injection" issue.
CVSS Score
7.5
EPSS Score
0.005
Published
2011-05-10
CVE-2011-2080
Multiple SQL injection vulnerabilities in MediaCAST 8 and earlier allow remote attackers to execute arbitrary SQL commands via (1) a CP_ENLARGESTYLE cookie to the default URI under inventivex/managetraining/ or (2) unspecified input to authenticate_ad_setup_finished.cfm.
CVSS Score
7.5
EPSS Score
0.005
Published
2011-05-10
CVE-2011-2081
MediaCAST 8 and earlier does not properly handle requests for inventivex/isptools/release/metadata/globalIncludeFolders.txt, which allows remote attackers to obtain sensitive information via unspecified vectors related to the Public/ directory tree.
CVSS Score
5.0
EPSS Score
0.005
Published
2011-05-10
CVE-2010-0216
authenticate_ad_setup_finished.cfm in MediaCAST 8 and earlier allows remote attackers to discover usernames and cleartext passwords by reading the error messages returned for requests that use the UserID parameter.
CVSS Score
5.0
EPSS Score
0.005
Published
2011-05-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved