CVE-2019-12963

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action...

CVE-2019-12960

LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter pdtsd...

CVE-2019-12964

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject...

CVE-2019-12940

LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service memory consumption in knowledgebase.php via a large integer value of the depth parameter...

CVE-2019-12939

LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the pextrse parameter...

EUVD-2019-4537

Malware in sbrugna...

EUVD-2019-4536

Malware in sbrugna...

EUVD-2019-4515

Malware in sbrugna...

EUVD-2019-4539

Malware in sbrugna...

EUVD-2019-4535

Malware in sbrugna...

EUVD-2019-4516

Malware in sbrugna...

CVE-2019-12961

LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function...

CVE-2019-12962

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header...

Weekly exploit digest – March, 15-21 – VMware View Planner, Win32k ConsoleControl, Microsoft Windows Containers DP API

Welcome to our weekly exploit digest! We should say this hasnt been a big week because guys keep producing exploits for the vulnerabilities discovered in the 1st half of March. Nevertheless, we have some new good arrivals for VMware, MS Windows and Win32 to talk about. New 4+ scored exploits have...

LiveZilla Server 8.0.1.0 - (Accept-Language) Reflected XSS Vulnerability

Exploit Title: LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS Google Dork: inurl: inurl:/mobile/index.php intitle:LiveZilla Exploit Author: Clément Cruchet Vendor Homepage: https://www.livezilla.net Software Link: https://www.livezilla.net/downloads/en/ Version: LiveZilla Server 8.0.1...

LiveZilla Server Cross-Site Scripting Vulnerability (CNVD-2019-21247)

LiveZilla is a free online customer service system, based on PHP architecture, can run on Linux hosts or windows hosts, mainly divided into the client, server and server side LiveZilla Server. LiveZilla Server 8.0.1.1 before the version of the chat.php create work order operation exists cross-sit...

LiveZilla Server CSV Injection Vulnerability

LiveZilla is a free online customer service system, based on PHP architecture, can run on Linux hosts or windows hosts, mainly divided into the client, server and server side LiveZilla Server. LiveZilla Server 8.0.1.1 before the version of the export function exists CSV injection vulnerability, a...

LiveZilla Server Cross-Site Scripting Vulnerability (CNVD-2019-21246)

LiveZilla is a free online customer service system, based on PHP architecture, can run on Linux hosts or windows hosts, mainly divided into the client, server and server side LiveZilla Server. LiveZilla Server 8.0.1.1 before the version of mobile/index.php there is a cross-site scripting...

CVE-2019-12961

LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function...

CVE-2019-12960

LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter pdtsd...