CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Gadu-gadu » Gadu-gadu Instant Messenger : Security Vulnerabilities Published In 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-3892 2005-11-29 2008-09-05
5.0
None Remote Low Not required Partial None None
Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a web page that accesses the EasycallLite.oce ActiveX control, which can initiate an outgoing phone call and listen to the microphone.
2 CVE-2005-3891 DoS Overflow 2005-11-29 2008-09-05
7.8
None Remote Low Not required None None Complete
Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash) via an image filename between exactly 192 to 200 characters, which does not account for the "imgcache\" string that is added to the end of the buffer.
3 CVE-2005-3890 DoS 2005-11-29 2008-09-05
7.8
None Remote Low Not required None None Complete
Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash and configuration loss) via a page with a large number of gg: URIs.
4 CVE-2005-3889 DoS 2005-11-29 2008-09-05
7.8
None Remote Low Not required None None Complete
Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code of 6 or 7, which triggers a large number of popup windows to the user and creates a large number of threads.
5 CVE-2005-3888 DoS 2005-11-29 2008-09-05
7.8
None Remote Low Not required None None Complete
Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code other than 2 and a large size field, which allocates memory for the packet but does not free it after the packet has been dropped.
6 CVE-2005-3887 DoS 2005-11-29 2008-09-05
5.4
None Remote High Not required None None Complete
Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenames, which allows remote attackers to (1) cause a denial of service (hang) via an image filename of AUX: sent twice (hang), or (2) write to the LPT1 port via a filename of "LPT1:".
7 CVE-2004-1233 DoS Overflow 2005-01-10 2008-09-05
5.0
None Remote Low Not required None None Partial
Integer overflow in Gadu-Gadu allows remote attackers to cause a denial of service (disk consumption) via a user packet to the DCC file transfer capability with an invalid file length.
8 CVE-2004-1232 Exec Code Overflow 2005-01-10 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the code that sends images in Gadu-Gadu allows remote attackers to execute arbitrary code via a large image filename.
9 CVE-2004-1231 Dir. Trav. 2005-01-10 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Gadu-Gadu allows remote attackers to read arbitrary files via .. (dot dot) sequences in a DCC connection with a CTCP packet that contains a 1 as the type and a 4 as the subtype.
10 CVE-2004-1230 2005-01-10 2008-09-05
5.0
None Remote Low Not required Partial None None
Gadu-Gadu allows remote attackers to gain sensitive information and read files from the _cache directory of other users via a DCC connection and a CTCP packet that contains a 1 as the type and a 4 as the subtype.
11 CVE-2004-1229 XSS 2005-01-10 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arbitrary web script or HTML via (1) http:// or (2) news:// URLs, a different vulnerability than CVE-2004-1410.
Total number of vulnerabilities : 11   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.