Livezilla

Livezilla

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2017-15869

Exploit
  • EPSS 0.39%
  • Veröffentlicht 18.01.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:15:22

Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter.

2.1

CVE-2013-6223

Exploit
  • EPSS 0.06%
  • Veröffentlicht 09.06.2014 19:55:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file.

6.8

CVE-2013-7385

Exploit
  • EPSS 0.44%
  • Veröffentlicht 19.05.2014 14:55:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the l...

4.3

CVE-2013-7033

Exploit
  • EPSS 0.25%
  • Veröffentlicht 19.05.2014 14:55:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and log...

7.5

CVE-2013-7034

  • EPSS 0.7%
  • Veröffentlicht 05.05.2014 17:06:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie.

4.3

CVE-2013-7003

Exploit
  • EPSS 0.26%
  • Veröffentlicht 05.05.2014 17:06:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php.

4.3

CVE-2013-7032

  • EPSS 0.26%
  • Veröffentlicht 14.02.2014 19:55:25
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an uploaded file or (2) customer name in a resource cre...

4.3

CVE-2013-7002

Exploit
  • EPSS 0.34%
  • Veröffentlicht 21.12.2013 00:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers to inject arbitrary web script or HTML via the g_language parameter.

4.3

CVE-2013-6224

Exploit
  • EPSS 0.45%
  • Veröffentlicht 10.12.2013 16:11:19
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information ...

4.3

CVE-2010-4276

Exploit
  • EPSS 4.68%
  • Veröffentlicht 30.12.2010 19:00:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid function in templates/jscript/jstrack.tpl in LiveZilla 3.2.0.2 allows remote attackers to inject arbitrary web script or HTML via the livezilla parameter in a track action to serv...