Lucene search
+L

176 matches found

CVE
CVE
added 2014/05/19 2:0 p.m.69 views

CVE-2013-7033

CVE-2013-7033 affects LiveZilla prior to 5.1.2.1. The issue arises because the operator password is included in plaintext in Javascript generated by lz/mobile/chat.php, enabling an independent XSS to retrieve loginName and loginPassword and potentially gain privileges. Multiple sources (NVD, Red ...

4.3CVSS6AI score0.01159EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2014/05/05 5:6 p.m.26 views

CVE-2013-7034

The setCookieValue function in lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie...

7.5CVSS7.5AI score0.01583EPSS
Exploits0References4
NVD
NVD
added 2014/05/05 5:6 p.m.47 views

CVE-2013-7003

Multiple cross-site scripting XSS vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the 1 full name field, 2 company field, or 3 filename to chat.php...

4.3CVSS5.6AI score0.01854EPSS
Exploits2References4
Prion
Prion
added 2014/05/05 5:6 p.m.26 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the 1 full name field, 2 company field, or 3 filename to chat.php...

4.3CVSS5.8AI score0.01854EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2014/05/05 5:0 p.m.52 views

CVE-2013-7003

Multiple cross-site scripting XSS vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the 1 full name field, 2 company field, or 3 filename to chat.php...

5.6AI score0.01854EPSS
Exploits2References4
Cvelist
Cvelist
added 2014/05/05 5:0 p.m.33 views

CVE-2013-7034

The setCookieValue function in lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie...

7.4AI score0.01583EPSS
Exploits0References4
CVE
CVE
added 2014/05/05 5:0 p.m.64 views

CVE-2013-7003

LiveZilla CVE-2013-7003 describes multiple stored XSS vulnerabilities in the Webbased Operator Client affecting versions before 5.1.2.0. Attackers could inject arbitrary script via (1) full name, (2) company, or (3) filename used in chat.php. The vulnerability is mitigated by upgrading to 5.1.2.0...

4.3CVSS5.6AI score0.01854EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2014/05/05 5:0 p.m.58 views

CVE-2013-7034

LiveZilla is vulnerable to PHP Object Injection through the setCookieValue() function in _lib/functions.global.inc.php. The issue allows an attacker to inject a serialized PHP object via a cookie, enabling remote code execution. This vulnerability affects LiveZilla up to version 5.1.2.0 and is fi...

7.5CVSS7.7AI score0.01583EPSS
Exploits0References4Affected Software1
OpenVAS
OpenVAS
added 2014/02/19 12:0 a.m.28 views

LiveZilla Password Disclosure Vulnerability

LiveZilla is prone to password disclosure vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:livezilla:livezilla";...

4.3CVSS6.5AI score0.01159EPSS
Exploits2References4
Prion
Prion
added 2014/02/14 7:55 p.m.23 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 name of an uploaded file or 2 customer name in a resource created from an uploaded file, a different vulnerability...

4.3CVSS5.8AI score0.01854EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2014/02/14 7:0 p.m.66 views

CVE-2013-7032

CVE-2013-7032 affects LiveZilla’s web-based operator client up to version 5.1.2.0 (fixed in 5.1.2.1). The vulnerability enables multiple stored XSS via (1) the name of an uploaded file and (2) the customer name in a resource created from an uploaded file, allowing injected scripts in the operator...

4.3CVSS5.6AI score0.01792EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/02/14 7:0 p.m.36 views

CVE-2013-7032

Multiple cross-site scripting XSS vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 name of an uploaded file or 2 customer name in a resource created from an uploaded file, a different vulnerability...

5.6AI score0.01792EPSS
Exploits0References4
securityvulns
securityvulns
added 2014/01/09 12:0 a.m.78 views

LiveZilla 5.1.2.0 Insecure password storage

Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7033 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.2.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N Status: Partly fixed 0x01 Background LiveZilla, the widely-used and trusted Liv...

4.3CVSS0.2AI score0.01159EPSS
Exploits2
securityvulns
securityvulns
added 2014/01/09 12:0 a.m.76 views

LiveZilla 5.1.2.0 PHP Object Injection

Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7034 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.2.0 Severity: Medium CVSSv2 Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...

7.5CVSS0.8AI score0.01583EPSS
Exploits0
securityvulns
securityvulns
added 2014/01/09 12:0 a.m.128 views

LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client

Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7032 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.2.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...

4.3CVSS0.9AI score0.01854EPSS
Exploits2
securityvulns
securityvulns
added 2014/01/09 12:0 a.m.76 views

LiveZilla 5.1.1.0 Stored XSS in operator clients

Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7003 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.1.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...

4.3CVSS1.1AI score0.01854EPSS
Exploits2
NVD
NVD
added 2013/12/21 12:55 a.m.13 views

CVE-2013-7002

Cross-site scripting XSS vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers to inject arbitrary web script or HTML via the glanguage parameter...

4.3CVSS5.6AI score0.01208EPSS
Exploits2References5
Prion
Prion
added 2013/12/21 12:55 a.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers to inject arbitrary web script or HTML via the glanguage parameter...

4.3CVSS6.1AI score0.01208EPSS
Exploits2References5Affected Software1
CVE
CVE
added 2013/12/21 12:0 a.m.61 views

CVE-2013-7002

LiveZilla 5.1.0.0 is vulnerable to a reflected XSS in mobile/php/translation/index.php via the g_language parameter. The issue allows remote attackers to inject arbitrary script/HTML and is classified with CVSS v2 base score 4.3 (I: Partial). A fix was released and the vulnerability is fixed in L...

4.3CVSS5.7AI score0.01208EPSS
Exploits2References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/12/18 12:0 a.m.59 views

LiveZilla < 5.1.2.1 Multiple Vulnerabilities

The version of LiveZilla hosted on the remote web server is affected by multiple vulnerabilities : - The application is affected by multiple cross-site scripting XSS vulnerabilities because it fails to properly sanitize user-supplied input. Note that CVE-2013-7003 was reportedly fixed in version...

7.5CVSS5.6AI score0.01854EPSS
Exploits4References6
Rows per page
Query Builder