Vulnerabilities > Livezilla > Livezilla > 4.2.0.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-06-09 | CVE-2013-6223 | Credentials Management vulnerability in Livezilla LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file. | 2.1 |
2014-05-19 | CVE-2013-7385 | Cryptographic Issues vulnerability in Livezilla LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. | 6.8 |
2014-05-19 | CVE-2013-7033 | Cryptographic Issues vulnerability in Livezilla LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. | 4.3 |
2014-05-05 | CVE-2013-7034 | Code Injection vulnerability in Livezilla The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie. | 7.5 |
2014-05-05 | CVE-2013-7003 | Cross-Site Scripting vulnerability in Livezilla Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php. | 4.3 |
2014-02-14 | CVE-2013-7032 | Cross-Site Scripting vulnerability in Livezilla Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an uploaded file or (2) customer name in a resource created from an uploaded file, a different vulnerability than CVE-2013-7003. | 4.3 |
2013-12-21 | CVE-2013-7002 | Cross-Site Scripting vulnerability in Livezilla Cross-site scripting (XSS) vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers to inject arbitrary web script or HTML via the g_language parameter. | 4.3 |
2013-12-10 | CVE-2013-6224 | Cross-Site Scripting vulnerability in Livezilla Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, which is saved in the archive section. | 4.3 |