4 matches found
Cross site scripting
LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an...
CVE-2013-7385
Technical details about this CVE are not publicly available in the provided Connected documents. Monitor for updates.
LiveZilla 5.1.2.0 Insecure password storage
Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7033 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.2.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N Status: Partly fixed 0x01 Background LiveZilla, the widely-used and trusted Liv...
LiveZilla < 5.1.2.1 Multiple Vulnerabilities
The version of LiveZilla hosted on the remote web server is affected by multiple vulnerabilities : - The application is affected by multiple cross-site scripting XSS vulnerabilities because it fails to properly sanitize user-supplied input. Note that CVE-2013-7003 was reportedly fixed in version...