CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Livezilla » Livezilla » 3.2.0.2 : Security Vulnerabilities

Cpe Name:cpe:/a:livezilla:livezilla:3.2.0.2
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-12964 79 XSS 2019-06-25 2019-06-25
4.3
None Remote Medium Not required None Partial None
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject.
2 CVE-2019-12963 79 XSS 2019-06-25 2019-06-25
4.3
None Remote Medium Not required None Partial None
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action.
3 CVE-2019-12962 79 XSS 2019-06-25 2019-06-25
4.3
None Remote Medium Not required None Partial None
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header.
4 CVE-2019-12961 74 2019-06-25 2019-06-25
6.8
None Remote Medium Not required Partial Partial Partial
LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function.
5 CVE-2019-12960 89 Sql 2019-06-25 2019-06-25
7.5
None Remote Low Not required Partial Partial Partial
LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d.
6 CVE-2019-12940 400 DoS 2019-06-24 2019-06-24
7.1
None Remote Medium Not required None None Complete
LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter.
7 CVE-2019-12939 89 Sql 2019-06-24 2019-06-26
7.5
None Remote Low Not required Partial Partial Partial
LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter.
8 CVE-2017-15869 79 XSS 2018-01-18 2019-04-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter.
9 CVE-2013-7034 94 Exec Code 2014-05-05 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie.
10 CVE-2013-7032 79 XSS 2014-02-14 2017-08-28
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an uploaded file or (2) customer name in a resource created from an uploaded file, a different vulnerability than CVE-2013-7003.
11 CVE-2013-7003 79 XSS 2014-05-05 2014-06-30
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php.
12 CVE-2013-7002 79 XSS 2013-12-20 2017-08-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers to inject arbitrary web script or HTML via the g_language parameter.
13 CVE-2013-6224 79 XSS 2013-12-10 2017-08-28
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, which is saved in the archive section.
14 CVE-2013-6223 255 2014-06-09 2014-06-24
2.1
None Local Low Not required Partial None None
LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file.
15 CVE-2010-4276 79 XSS 2010-12-30 2011-01-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid function in templates/jscript/jstrack.tpl in LiveZilla 3.2.0.2 allows remote attackers to inject arbitrary web script or HTML via the livezilla parameter in a track action to server.php.
Total number of vulnerabilities : 15   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.