176 matches found
CVE-2013-7033
CVE-2013-7033 affects LiveZilla prior to 5.1.2.1. The issue arises because the operator password is included in plaintext in Javascript generated by lz/mobile/chat.php, enabling an independent XSS to retrieve loginName and loginPassword and potentially gain privileges. Multiple sources (NVD, Red ...
CVE-2013-7034
The setCookieValue function in lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie...
CVE-2013-7003
Multiple cross-site scripting XSS vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the 1 full name field, 2 company field, or 3 filename to chat.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the 1 full name field, 2 company field, or 3 filename to chat.php...
CVE-2013-7003
Multiple cross-site scripting XSS vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the 1 full name field, 2 company field, or 3 filename to chat.php...
CVE-2013-7034
The setCookieValue function in lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie...
CVE-2013-7003
LiveZilla CVE-2013-7003 describes multiple stored XSS vulnerabilities in the Webbased Operator Client affecting versions before 5.1.2.0. Attackers could inject arbitrary script via (1) full name, (2) company, or (3) filename used in chat.php. The vulnerability is mitigated by upgrading to 5.1.2.0...
CVE-2013-7034
LiveZilla is vulnerable to PHP Object Injection through the setCookieValue() function in _lib/functions.global.inc.php. The issue allows an attacker to inject a serialized PHP object via a cookie, enabling remote code execution. This vulnerability affects LiveZilla up to version 5.1.2.0 and is fi...
LiveZilla Password Disclosure Vulnerability
LiveZilla is prone to password disclosure vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:livezilla:livezilla";...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 name of an uploaded file or 2 customer name in a resource created from an uploaded file, a different vulnerability...
CVE-2013-7032
CVE-2013-7032 affects LiveZilla’s web-based operator client up to version 5.1.2.0 (fixed in 5.1.2.1). The vulnerability enables multiple stored XSS via (1) the name of an uploaded file and (2) the customer name in a resource created from an uploaded file, allowing injected scripts in the operator...
CVE-2013-7032
Multiple cross-site scripting XSS vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 name of an uploaded file or 2 customer name in a resource created from an uploaded file, a different vulnerability...
LiveZilla 5.1.2.0 Insecure password storage
Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7033 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.2.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N Status: Partly fixed 0x01 Background LiveZilla, the widely-used and trusted Liv...
LiveZilla 5.1.2.0 PHP Object Injection
Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7034 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.2.0 Severity: Medium CVSSv2 Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...
LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client
Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7032 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.2.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...
LiveZilla 5.1.1.0 Stored XSS in operator clients
Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7003 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.1.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...
CVE-2013-7002
Cross-site scripting XSS vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers to inject arbitrary web script or HTML via the glanguage parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers to inject arbitrary web script or HTML via the glanguage parameter...
CVE-2013-7002
LiveZilla 5.1.0.0 is vulnerable to a reflected XSS in mobile/php/translation/index.php via the g_language parameter. The issue allows remote attackers to inject arbitrary script/HTML and is classified with CVSS v2 base score 4.3 (I: Partial). A fix was released and the vulnerability is fixed in L...
LiveZilla < 5.1.2.1 Multiple Vulnerabilities
The version of LiveZilla hosted on the remote web server is affected by multiple vulnerabilities : - The application is affected by multiple cross-site scripting XSS vulnerabilities because it fails to properly sanitize user-supplied input. Note that CVE-2013-7003 was reportedly fixed in version...