CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Rob Flynn : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-2370 DoS 2005-07-26 2010-08-21
5.0
None Remote Low Not required None None Partial
Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and other packages, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message.
2 CVE-2005-2103 DoS Exec Code Overflow 2005-08-16 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.
3 CVE-2005-2102 DoS 2005-08-16 2010-08-21
5.0
None Remote Low Not required None None Partial
The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) via a filename that contains invalid UTF-8 characters.
4 CVE-2005-1934 DoS 2005-05-19 2010-08-21
5.0
None Remote Low Not required None None Partial
Gaim before 1.3.1 allows remote attackers to cause a denial of service (crash) via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error.
5 CVE-2005-1269 DoS 2005-06-16 2010-08-21
5.0
None Remote Low Not required None None Partial
Gaim before 1.3.1 allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in a file name.
6 CVE-2005-1262 DoS 2005-05-11 2010-08-21
5.0
None Remote Low Not required None None Partial
Gaim 1.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed MSN message.
7 CVE-2005-1261 Exec Code Overflow 2005-05-11 2010-08-21
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL.
8 CVE-2005-0967 DoS 2005-05-02 2010-08-21
5.0
None Remote Low Not required None None Partial
Gaim 1.2.0 allows remote attackers to cause a denial of service (application crash) via a malformed file transfer request to a Jabber user, which leads to an out-of-bounds read.
9 CVE-2005-0966 DoS 2005-05-02 2010-08-21
6.4
None Remote Low Not required None Partial Partial
The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.
10 CVE-2005-0965 DoS 2005-05-02 2010-08-21
5.0
None Remote Low Not required None None Partial
The gaim_markup_strip_html function in Gaim 1.2.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a string that contains malformed HTML, which causes an out-of-bounds read.
11 CVE-2005-0573 DoS 2005-05-02 2008-09-05
5.0
None Remote Low Not required None None Partial
Gaim 1.1.3 on Windows systems allows remote attackers to cause a denial of service (client crash) via a file transfer in which the filename contains "(" or ")" (parenthesis) characters.
12 CVE-2005-0473 DoS 2005-03-14 2010-08-21
5.0
None Remote Low Not required None None Partial
The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.
13 CVE-2005-0472 DoS 2005-03-14 2010-08-21
5.0
None Remote Low Not required None None Partial
Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.
14 CVE-2005-0208 DoS 2005-05-02 2010-08-21
5.0
None Remote Low Not required None None Partial
The HTML parsing functions in Gaim before 1.1.4 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0473.
15 CVE-2004-2589 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Gaim before 0.82 allows remote servers to cause a denial of service (application crash) via a long HTTP Content-Length header, which causes Gaim to abort when attempting to allocate memory.
16 CVE-2004-0891 DoS Exec Code Overflow 2005-01-27 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
17 CVE-2004-0785 DoS Exec Code Overflow 2004-10-20 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Gaim before 0.82 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Rich Text Format (RTF) messages, (2) a long hostname for the local system as obtained from DNS, or (3) a long URL that is not properly handled by the URL decoder.
18 CVE-2004-0784 Exec Code 2004-10-20 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
The smiley theme functionality in Gaim before 0.82 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of the tar file that is dragged to the smiley selector.
19 CVE-2004-0754 DoS Exec Code Overflow 2004-10-20 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the size variable in Groupware server messages.
20 CVE-2004-0500 DoS Exec Code Overflow 2004-09-28 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call.
21 CVE-2004-0008 DoS Exec Code Overflow 2004-03-03 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.
22 CVE-2004-0007 DoS Exec Code Overflow 2004-03-03 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
23 CVE-2004-0006 DoS Exec Code Overflow 2004-03-03 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.
24 CVE-2004-0005 DoS Exec Code Overflow 2004-03-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte.
25 CVE-2002-0989 2002-09-24 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link.
26 CVE-2002-0384 Exec Code Overflow 2002-10-04 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arbitrary code.
27 CVE-2002-0377 2002-05-29 2008-09-05
2.1
None Local Low Not required Partial None None
Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files.
28 CVE-2000-1172 DoS Exec Code Overflow 2001-01-09 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol allows remote attackers to conduct a denial of service and possibly execute arbitrary commands via a long HTML tag.
Total number of vulnerabilities : 28   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.