Vulnerabilites related to cerulean_studios - trillian
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:51
Severity ?
Summary
Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 0.74i |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74i:*:*:*:*:*:*:*",
"matchCriteriaId": "9BEF2AD0-094A-4AFF-8F20-D39E8BA72EE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character."
}
],
"id": "CVE-2004-1666",
"lastModified": "2024-11-20T23:51:27.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109466618609375\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12487"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://unsecure.altervista.org/security/trillian.htm"
},
{
"source": "cve@mitre.org",
"url": "http://unsecure.altervista.org/security/trillianbof.c"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11142"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109466618609375\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://unsecure.altervista.org/security/trillian.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://unsecure.altervista.org/security/trillianbof.c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17292"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute arbitrary code via an invite to a channel with format string specifiers in the name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 0.73 | |
| cerulean_studios | trillian | 0.725 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "E0376EA0-9F02-4987-A0A3-A79DE73512F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.725:*:*:*:*:*:*:*",
"matchCriteriaId": "6E747537-D974-48C6-8EAA-6B26F3FBDDA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute arbitrary code via an invite to a channel with format string specifiers in the name."
}
],
"id": "CVE-2002-2155",
"lastModified": "2024-11-20T23:43:00.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9761.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/285695"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9761.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/285695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5388"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-10-05 21:02
Modified
2024-11-21 00:01
Severity ?
Summary
Cerulean Studios Trillian 3.0 allows remote attackers to cause a denial of service (crash) via a reverse direct connection from a different client, as demonstrated using LICQ.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E189B6C6-A516-4C23-A67F-F1505D977DB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cerulean Studios Trillian 3.0 allows remote attackers to cause a denial of service (crash) via a reverse direct connection from a different client, as demonstrated using LICQ."
}
],
"id": "CVE-2005-3141",
"lastModified": "2024-11-21T00:01:12.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-05T21:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://ceruleanstudios.com/forums/showthread.php?s=84987af3601384b1dc7ea1f36b237c9c\u0026threadid=64889"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=112837909626441\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/43"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_id=8315933\u0026forum_id=5420"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/20006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ceruleanstudios.com/forums/showthread.php?s=84987af3601384b1dc7ea1f36b237c9c\u0026threadid=64889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112837909626441\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/43"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_id=8315933\u0026forum_id=5420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/20006"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 0.73 | |
| cerulean_studios | trillian | 0.725 | |
| cerulean_studios | trillian | 0.6351 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "E0376EA0-9F02-4987-A0A3-A79DE73512F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.725:*:*:*:*:*:*:*",
"matchCriteriaId": "6E747537-D974-48C6-8EAA-6B26F3FBDDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.6351:*:*:*:*:*:*:*",
"matchCriteriaId": "43DB5092-2D6E-453E-8BBF-0F1766B983D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts."
}
],
"id": "CVE-2002-2162",
"lastModified": "2024-11-20T23:43:00.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/10092.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/291071"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/5677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/10092.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/291071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/5677"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-10 06:44
Modified
2024-11-21 00:54
Severity ?
Summary
Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA247F0B-0D36-4B8F-8F90-C81F26F05E53",
"versionEndIncluding": "3.1.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "047EC674-59D9-444A-96EC-A08067E8F80A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "65AAC782-32C6-4D83-BAF3-ABD32FF3F8E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "B04BC0A1-D2DD-4D09-8AA2-6FC779F9CC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.61:*:*:*:*:*:*:*",
"matchCriteriaId": "59F43D1E-9367-4955-9411-AF9DA5E8B153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.62:*:*:*:*:*:*:*",
"matchCriteriaId": "2E34AA38-B571-45C6-B5E1-9750F79D8B81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.63:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB4E73-6706-4BC6-85A0-DA401D922980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "1F08956C-441D-418B-A966-7C0D785BDCA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "12BB96CE-AEA5-4644-A41E-F317083B11CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "B635EEDE-6D99-4C12-ACC2-145AE3D6892B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "E0376EA0-9F02-4987-A0A3-A79DE73512F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "03C5DC92-EE8F-43A7-8F78-58D01FA4D4A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74c:*:*:*:*:*:*:*",
"matchCriteriaId": "F28B0F08-4782-4C58-8455-835FCAD6081B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74d:*:*:*:*:*:*:*",
"matchCriteriaId": "7106A436-3061-4818-B8A3-A949823154B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74e:*:*:*:*:*:*:*",
"matchCriteriaId": "C1340171-B37F-47EF-A446-3C95EE5157A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74f:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5CAF65-2E39-4CA8-B251-4E14B5BCB367",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74g:*:*:*:*:*:*:*",
"matchCriteriaId": "5A362992-03FF-413A-805B-A9C99D86F266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74i:*:*:*:*:*:*:*",
"matchCriteriaId": "9BEF2AD0-094A-4AFF-8F20-D39E8BA72EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.635:*:*:*:*:*:*:*",
"matchCriteriaId": "EFAA0CC6-4A15-41DA-BF90-46668583EE5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.725:*:*:*:*:*:*:*",
"matchCriteriaId": "6E747537-D974-48C6-8EAA-6B26F3FBDDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.6351:*:*:*:*:*:*:*",
"matchCriteriaId": "43DB5092-2D6E-453E-8BBF-0F1766B983D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B0C703-7A48-449E-8C45-FB3934D79925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:1.0:*:pro:*:*:*:*:*",
"matchCriteriaId": "A9E40FB1-B179-4E27-9680-ABAC7D9E14F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "256C630F-3F51-4825-A7AB-EE20F5B6EB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:2.0:*:pro:*:*:*:*:*",
"matchCriteriaId": "E3665E59-DD7D-4596-8437-D660AF6D4256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CDD3B6B-7AFD-4AD2-AC9A-9652010D3331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E189B6C6-A516-4C23-A67F-F1505D977DB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.0:*:basic:*:*:*:*:*",
"matchCriteriaId": "FCC63410-5FDB-444B-AF2F-F1410F7DE20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.0:*:pro:*:*:*:*:*",
"matchCriteriaId": "35A0358C-CA5C-4722-89AA-31F1189ED6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D922E4FB-BAD1-45B6-B45D-4B7A3B338EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1:*:basic:*:*:*:*:*",
"matchCriteriaId": "DB644E01-38AB-40B0-B3B9-23035A83F143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1:*:pro:*:*:*:*:*",
"matchCriteriaId": "1B65FA71-2E12-4F65-B3D0-565C3F70E4AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.0.120:*:*:*:*:*:*:*",
"matchCriteriaId": "D8694251-340A-41B1-92A7-6354FFEF6DB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.0.121:*:*:*:*:*:*:*",
"matchCriteriaId": "BA02C4B5-4866-4705-9B25-F4D867BB7D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28B0FC73-E06D-4FCE-8555-E448AE8B468A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24E329DC-435A-4201-916D-2460A18BA9F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC4D997-E8CB-45B7-860B-7C8BC64C2CF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A0967000-D0D6-479A-BBCD-E9CCE0C9686C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4392C7CE-A428-4311-BD18-46B371EDF862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "86ED2E92-F8E5-4DDC-A5FD-8B12557BC8F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.9.0:*:basic:*:*:*:*:*",
"matchCriteriaId": "79B4DE7F-9854-4D56-9376-007FA794E032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.9.0:*:pro:*:*:*:*:*",
"matchCriteriaId": "F7299CCB-32EF-47E8-AFE6-A78DCC5EC9E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23BB316B-2F3F-4E3E-967F-65383AA9D4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFE0C5F-CEEB-44D8-B949-2CEBF02AB359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF2FE46-C0A4-4530-9FF6-FDAA6D347E97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F895BBC-AD93-4B9E-9306-CF45AB6C97E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF67D526-06A8-40DA-BD53-7E31CA1BF202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7743FA8-9C43-4774-9FAA-DBEC02F676EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:3.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76895B98-D51F-42E1-8247-61AB7EF027A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:3.1_build_121:*:*:*:*:*:*:*",
"matchCriteriaId": "07C47987-82A8-4653-8AF6-3B831144BD37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceruleanstudios:trillian:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFEACE88-949A-4682-BCFE-4FBBCE02546D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceruleanstudios:trillian:3.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E7227CE5-CE2B-4B80-9CF5-137A0B101314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceruleanstudios:trillian:3.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E64CC47-F11E-4DA9-AEFE-70DF7AD4C8F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceruleanstudios:trillian_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "439FB835-1D41-49E2-953E-E774E4210D16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceruleanstudios:trillian_pro:3.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5686234A-2588-4C20-8F3A-C8E5AFA3DD7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to \"AIM IMG Tag Parsing.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la implementaci\u00f3n del tooltip en Trillian anterior a 3.1.12.0, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo de imagen con un nombre largo. Relacionado con \"AIM IMG Tag Parsing.\""
}
],
"id": "CVE-2008-5401",
"lastModified": "2024-11-21T00:54:01.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-10T06:44:41.893",
"references": [
{
"source": "cve@mitre.org",
"url": "http://blog.ceruleanstudios.com/?p=404"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50472"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33001"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4700"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/498932/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32645"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021335"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3348"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-077"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blog.ceruleanstudios.com/?p=404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/498932/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47093"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Buffer overflow in Trillian 0.73 allows remote IRC servers to execute arbitrary code via a long PING response.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 0.73 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "E0376EA0-9F02-4987-A0A3-A79DE73512F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Trillian 0.73 allows remote IRC servers to execute arbitrary code via a long PING response."
}
],
"id": "CVE-2002-2156",
"lastModified": "2024-11-20T23:43:00.247",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/285639"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/285695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/285639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/285695"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-10-02 04:00
Modified
2024-11-20 23:37
Severity ?
Summary
AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| aol | instant_messenger | 4.0 | |
| aol | instant_messenger | 4.1 | |
| aol | instant_messenger | 4.2 | |
| aol | instant_messenger | 4.3 | |
| aol | instant_messenger | 4.3.2229 | |
| aol | instant_messenger | 4.4 | |
| aol | instant_messenger | 4.5 | |
| aol | instant_messenger | 4.6 | |
| aol | instant_messenger | 4.7 | |
| aol | instant_messenger | 4.7.2480 | |
| cerulean_studios | trillian | 0.6351 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aol:instant_messenger:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E00F0805-8C73-43B1-87AC-744434046E59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aol:instant_messenger:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3098DC2A-6A68-4160-9DAC-8F31A49BA45D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aol:instant_messenger:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7577EED-D28B-430A-B554-CE40D9154893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aol:instant_messenger:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E81E472E-45B5-465B-B2D7-40F906AC31E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aol:instant_messenger:4.3.2229:*:*:*:*:*:*:*",
"matchCriteriaId": "50A04B5F-F17B-4177-861B-66DFD4FBE225",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aol:instant_messenger:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D8157E-3447-44BF-AC22-5A65F4C707E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aol:instant_messenger:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA52A0F-2A09-4FA8-AC10-2D1B6B41D13C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aol:instant_messenger:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9C4FA9B9-E98C-435C-9F7A-D62E348D92D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aol:instant_messenger:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E0ADB0D5-BD25-488D-87D3-426ABB036B7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aol:instant_messenger:4.7.2480:*:*:*:*:*:*:*",
"matchCriteriaId": "11FCCE0C-E6F9-4A01-872E-38C5F23C479E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.6351:*:*:*:*:*:*:*",
"matchCriteriaId": "43DB5092-2D6E-453E-8BBF-0F1766B983D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of \"\u003c!--\" HTML comments."
}
],
"evaluatorComment": "Fixed in Win AIM Beta 4.8.2540 posted Nov. 19th.",
"id": "CVE-2001-1419",
"lastModified": "2024-11-20T23:37:38.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-10-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/507771"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/JARL-56TPTN"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/247707"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3398"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/507771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/JARL-56TPTN"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/247707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3398"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7233"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-06-21 01:30
Modified
2024-11-21 00:32
Severity ?
Summary
Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:*:*:*:*:*:*:*:*",
"matchCriteriaId": "131A15F8-F7F3-4CBD-A69A-E01690D96971",
"versionEndIncluding": "3.1.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en Cerulean Studios Trillian 3.x anterior a 3.1.6.0 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un mensaje enviado a trav\u00e9s del protocolo MSN, o posiblemente otros protocolos, con una cadena UTF-8 artesanal, lo cual provoca un reserva de memoria no v\u00e1lida cuando el ancho de ventana es usado como tama\u00f1o de b\u00fafer, una vulnerabilidad diferente que CVE-2007-2478."
}
],
"id": "CVE-2007-3305",
"lastModified": "2024-11-21T00:32:54.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-06-21T01:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://blog.ceruleanstudios.com/?p=150"
},
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=545"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/37446"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25736"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/187033"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24523"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018265"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2246"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blog.ceruleanstudios.com/?p=150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/37446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/187033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34918"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-05-23 15:32
Modified
2024-11-21 00:46
Severity ?
Summary
Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 0.71 | |
| cerulean_studios | trillian | 0.73 | |
| cerulean_studios | trillian | 0.74 | |
| cerulean_studios | trillian | 0.74i | |
| cerulean_studios | trillian | 0.725 | |
| cerulean_studios | trillian | 0.6351 | |
| cerulean_studios | trillian | 2.0 | |
| cerulean_studios | trillian | 2.1 | |
| cerulean_studios | trillian | 3.0 | |
| cerulean_studios | trillian | 3.1 | |
| cerulean_studios | trillian | 3.1.5.0 | |
| cerulean_studios | trillian | 3.1.5.1 | |
| cerulean_studios | trillian | 3.1.6.0 | |
| cerulean_studios | trillian | 3.1.7.0 | |
| cerulean_studios | trillian | 3.1.9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "12BB96CE-AEA5-4644-A41E-F317083B11CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "E0376EA0-9F02-4987-A0A3-A79DE73512F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "03C5DC92-EE8F-43A7-8F78-58D01FA4D4A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74i:*:*:*:*:*:*:*",
"matchCriteriaId": "9BEF2AD0-094A-4AFF-8F20-D39E8BA72EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.725:*:*:*:*:*:*:*",
"matchCriteriaId": "6E747537-D974-48C6-8EAA-6B26F3FBDDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.6351:*:*:*:*:*:*:*",
"matchCriteriaId": "43DB5092-2D6E-453E-8BBF-0F1766B983D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "256C630F-3F51-4825-A7AB-EE20F5B6EB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CDD3B6B-7AFD-4AD2-AC9A-9652010D3331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E189B6C6-A516-4C23-A67F-F1505D977DB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D922E4FB-BAD1-45B6-B45D-4B7A3B338EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28B0FC73-E06D-4FCE-8555-E448AE8B468A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24E329DC-435A-4201-916D-2460A18BA9F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC4D997-E8CB-45B7-860B-7C8BC64C2CF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A0967000-D0D6-479A-BBCD-E9CCE0C9686C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "86ED2E92-F8E5-4DDC-A5FD-8B12557BC8F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en Cerulean Studios Trillian Pro anteriores a 3.1.10.0, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de atributos no especificados en la cabecera X-MMS-IM-FORMAT en un mensaje MSN.\r\n"
}
],
"id": "CVE-2008-2409",
"lastModified": "2024-11-21T00:46:49.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-05-23T15:32:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-05/0285.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30336"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1020106"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29330"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1622"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-031/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-05/0285.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1020106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-031/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42576"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-07-17 22:30
Modified
2024-11-21 00:34
Severity ?
Summary
Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ substring.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 3.1.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC4D997-E8CB-45B7-860B-7C8BC64C2CF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ substring."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el manejador del protocolo AOL Instant Messenger (AIM) en IM.DLL en Cerulean Studios Trillian permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un aim malformado: URI, como se demostr\u00f3 con una URI larga que comenzaba con la subcadena ///#1111111/"
}
],
"id": "CVE-2007-3832",
"lastModified": "2024-11-21T00:34:10.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-07-17T22:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0356.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26086"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/786920"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24927"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2546"
},
{
"source": "cve@mitre.org",
"url": "http://www.xs-sniper.com/nmcfeters/Cross-App-Scripting-2.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0356.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/786920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24927"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.xs-sniper.com/nmcfeters/Cross-App-Scripting-2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35447"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-05-03 00:19
Modified
2024-11-21 00:30
Severity ?
Summary
Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 3.1 | |
| cerulean_studios | trillian | 3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1:*:*:*:basic:*:*:*",
"matchCriteriaId": "173EFB5F-7495-48FD-8FE8-DCC11111A5B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1:*:*:*:pro:*:*:*",
"matchCriteriaId": "F734536E-BB33-4FF3-A510-C9370DE9DDF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker."
},
{
"lang": "es",
"value": "Cerulean Studios Trillian Pro anterior a 3.1.5.1 permite a atacantes remotos obtener informacion potencialmente sensible a trav\u00e9s de mensajes CTCP PING largo que contienen caracteres UTF-8, lo cual genera una respuesta malformada que no est\u00e1 truncado por una nueva linea, lo cual puede provovcar que porciones de una mensaje de servidor sean enviados a el atacante."
}
],
"id": "CVE-2007-2479",
"lastModified": "2024-11-21T00:30:53.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2007-05-03T00:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://blog.ceruleanstudios.com/?p=131"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=522"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/35722"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/25086"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/23730"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id?1017982"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2007/1596"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://blog.ceruleanstudios.com/?p=131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/35722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/25086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/23730"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id?1017982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2007/1596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33983"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows remote attackers to execute arbitrary code via a Yahoo Messenger packet with a long key name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 0.71 | |
| cerulean_studios | trillian | 0.73 | |
| cerulean_studios | trillian | 0.74 | |
| cerulean_studios | trillian | 0.74b | |
| cerulean_studios | trillian | 0.74c | |
| cerulean_studios | trillian | 0.74d | |
| cerulean_studios | trillian | 0.74e | |
| cerulean_studios | trillian | 0.74f | |
| cerulean_studios | trillian | 0.74g | |
| cerulean_studios | trillian | 0.725 | |
| cerulean_studios | trillian_pro | 1.0 | |
| cerulean_studios | trillian_pro | 2.0 | |
| cerulean_studios | trillian_pro | 2.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "12BB96CE-AEA5-4644-A41E-F317083B11CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "E0376EA0-9F02-4987-A0A3-A79DE73512F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "03C5DC92-EE8F-43A7-8F78-58D01FA4D4A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74b:*:*:*:*:*:*:*",
"matchCriteriaId": "0D8315F3-9E85-479E-9B73-EAC11FFCC3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74c:*:*:*:*:*:*:*",
"matchCriteriaId": "F28B0F08-4782-4C58-8455-835FCAD6081B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74d:*:*:*:*:*:*:*",
"matchCriteriaId": "7106A436-3061-4818-B8A3-A949823154B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74e:*:*:*:*:*:*:*",
"matchCriteriaId": "C1340171-B37F-47EF-A446-3C95EE5157A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74f:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5CAF65-2E39-4CA8-B251-4E14B5BCB367",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74g:*:*:*:*:*:*:*",
"matchCriteriaId": "5A362992-03FF-413A-805B-A9C99D86F266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.725:*:*:*:*:*:*:*",
"matchCriteriaId": "6E747537-D974-48C6-8EAA-6B26F3FBDDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF2FE46-C0A4-4530-9FF6-FDAA6D347E97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F895BBC-AD93-4B9E-9306-CF45AB6C97E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF67D526-06A8-40DA-BD53-7E31CA1BF202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows remote attackers to execute arbitrary code via a Yahoo Messenger packet with a long key name."
}
],
"id": "CVE-2004-2370",
"lastModified": "2024-11-20T23:53:11.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017766.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/10973/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.e-matters.de/advisories/022004.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1009220"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/4060"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017766.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/10973/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.e-matters.de/advisories/022004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1009220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/4060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15304"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-10 06:44
Modified
2024-11-21 00:54
Severity ?
Summary
Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "047EC674-59D9-444A-96EC-A08067E8F80A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "65AAC782-32C6-4D83-BAF3-ABD32FF3F8E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "B04BC0A1-D2DD-4D09-8AA2-6FC779F9CC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.61:*:*:*:*:*:*:*",
"matchCriteriaId": "59F43D1E-9367-4955-9411-AF9DA5E8B153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.62:*:*:*:*:*:*:*",
"matchCriteriaId": "2E34AA38-B571-45C6-B5E1-9750F79D8B81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.63:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB4E73-6706-4BC6-85A0-DA401D922980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "1F08956C-441D-418B-A966-7C0D785BDCA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "12BB96CE-AEA5-4644-A41E-F317083B11CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "B635EEDE-6D99-4C12-ACC2-145AE3D6892B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "E0376EA0-9F02-4987-A0A3-A79DE73512F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "03C5DC92-EE8F-43A7-8F78-58D01FA4D4A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74c:*:*:*:*:*:*:*",
"matchCriteriaId": "F28B0F08-4782-4C58-8455-835FCAD6081B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74d:*:*:*:*:*:*:*",
"matchCriteriaId": "7106A436-3061-4818-B8A3-A949823154B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74e:*:*:*:*:*:*:*",
"matchCriteriaId": "C1340171-B37F-47EF-A446-3C95EE5157A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74f:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5CAF65-2E39-4CA8-B251-4E14B5BCB367",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74g:*:*:*:*:*:*:*",
"matchCriteriaId": "5A362992-03FF-413A-805B-A9C99D86F266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74i:*:*:*:*:*:*:*",
"matchCriteriaId": "9BEF2AD0-094A-4AFF-8F20-D39E8BA72EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.635:*:*:*:*:*:*:*",
"matchCriteriaId": "EFAA0CC6-4A15-41DA-BF90-46668583EE5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.725:*:*:*:*:*:*:*",
"matchCriteriaId": "6E747537-D974-48C6-8EAA-6B26F3FBDDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.6351:*:*:*:*:*:*:*",
"matchCriteriaId": "43DB5092-2D6E-453E-8BBF-0F1766B983D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B0C703-7A48-449E-8C45-FB3934D79925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:1.0:*:pro:*:*:*:*:*",
"matchCriteriaId": "A9E40FB1-B179-4E27-9680-ABAC7D9E14F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "256C630F-3F51-4825-A7AB-EE20F5B6EB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:2.0:*:pro:*:*:*:*:*",
"matchCriteriaId": "E3665E59-DD7D-4596-8437-D660AF6D4256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CDD3B6B-7AFD-4AD2-AC9A-9652010D3331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E189B6C6-A516-4C23-A67F-F1505D977DB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.0:*:basic:*:*:*:*:*",
"matchCriteriaId": "FCC63410-5FDB-444B-AF2F-F1410F7DE20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.0:*:pro:*:*:*:*:*",
"matchCriteriaId": "35A0358C-CA5C-4722-89AA-31F1189ED6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D922E4FB-BAD1-45B6-B45D-4B7A3B338EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1:*:basic:*:*:*:*:*",
"matchCriteriaId": "DB644E01-38AB-40B0-B3B9-23035A83F143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1:*:pro:*:*:*:*:*",
"matchCriteriaId": "1B65FA71-2E12-4F65-B3D0-565C3F70E4AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.0.120:*:*:*:*:*:*:*",
"matchCriteriaId": "D8694251-340A-41B1-92A7-6354FFEF6DB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.0.121:*:*:*:*:*:*:*",
"matchCriteriaId": "BA02C4B5-4866-4705-9B25-F4D867BB7D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28B0FC73-E06D-4FCE-8555-E448AE8B468A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24E329DC-435A-4201-916D-2460A18BA9F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC4D997-E8CB-45B7-860B-7C8BC64C2CF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A0967000-D0D6-479A-BBCD-E9CCE0C9686C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4392C7CE-A428-4311-BD18-46B371EDF862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "86ED2E92-F8E5-4DDC-A5FD-8B12557BC8F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.9.0:*:basic:*:*:*:*:*",
"matchCriteriaId": "79B4DE7F-9854-4D56-9376-007FA794E032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.9.0:*:pro:*:*:*:*:*",
"matchCriteriaId": "F7299CCB-32EF-47E8-AFE6-A78DCC5EC9E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23BB316B-2F3F-4E3E-967F-65383AA9D4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A800667-F882-433C-BB79-DD3D40BE922E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFE0C5F-CEEB-44D8-B949-2CEBF02AB359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF2FE46-C0A4-4530-9FF6-FDAA6D347E97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F895BBC-AD93-4B9E-9306-CF45AB6C97E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF67D526-06A8-40DA-BD53-7E31CA1BF202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7743FA8-9C43-4774-9FAA-DBEC02F676EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:3.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76895B98-D51F-42E1-8247-61AB7EF027A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:3.1_build_121:*:*:*:*:*:*:*",
"matchCriteriaId": "07C47987-82A8-4653-8AF6-3B831144BD37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceruleanstudios:trillian:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFEACE88-949A-4682-BCFE-4FBBCE02546D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceruleanstudios:trillian:3.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E7227CE5-CE2B-4B80-9CF5-137A0B101314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceruleanstudios:trillian:3.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E64CC47-F11E-4DA9-AEFE-70DF7AD4C8F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceruleanstudios:trillian_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "439FB835-1D41-49E2-953E-E774E4210D16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceruleanstudios:trillian_pro:3.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5686234A-2588-4C20-8F3A-C8E5AFA3DD7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en el analizador XML en el plugin AIM en Trillian versiones anteriores a 3.1.12.0, que permite a los atacantes remotos ejecutar arbitrariamente c\u00f3digo a trav\u00e9s de etiquetas XML mal formadas."
}
],
"id": "CVE-2008-5403",
"lastModified": "2024-11-21T00:54:01.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-10T06:44:42.017",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://blog.ceruleanstudios.com/?p=404"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50474"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33001"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4702"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/498936/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32645"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021336"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3348"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-079"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://blog.ceruleanstudios.com/?p=404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/498936/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47100"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-29 19:30
Modified
2024-11-21 01:10
Severity ?
Summary
Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/35620 | Broken Link | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/504573/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/35509 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/51400 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35620 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/504573/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35509 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/51400 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1:*:*:*:basic:*:*:*",
"matchCriteriaId": "173EFB5F-7495-48FD-8FE8-DCC11111A5B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate."
},
{
"lang": "es",
"value": "Cerulean Studios Trillian v3.1 Basic no comprueba los certificados SSL durante la autenticaci\u00f3n de MSN, lo cual permite a atacantes remotos obtener credenciales de MSN a trav\u00e9s de un ataque \"man-in-the-middle con un certificado SSL falso."
}
],
"id": "CVE-2009-4831",
"lastModified": "2024-11-21T01:10:34.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-04-29T19:30:00.370",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35620"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/504573/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/35509"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/504573/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/35509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51400"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-04-02 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and (15) 367.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html | Exploit, Vendor Advisory | |
| cve@mitre.org | http://www.iss.net/security_center/static/10161.php | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/5775 | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/10161.php | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/5775 | Exploit, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 0.74 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "03C5DC92-EE8F-43A7-8F78-58D01FA4D4A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and (15) 367."
},
{
"lang": "es",
"value": "El componente IRC de Trillian 0.73 y 0.74 permite a servidores IRC remotos malintencionados causar la Denegaci\u00f3n de Servicio (por caida)mediante el env\u00edo de mensajes \u0027no preparados\u0027 (raw messages): 206, 211, 213, 214, 215, 217, 218, 243, 302, 317, 324, 332, 333, 352, y 367."
}
],
"id": "CVE-2002-1487",
"lastModified": "2024-11-20T23:41:25.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-04-02T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10161.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10161.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5775"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 2.0 | |
| cerulean_studios | trillian | 3.0 | |
| cerulean_studios | trillian | 3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "256C630F-3F51-4825-A7AB-EE20F5B6EB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E189B6C6-A516-4C23-A67F-F1505D977DB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D922E4FB-BAD1-45B6-B45D-4B7A3B338EF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header."
}
],
"id": "CVE-2005-0875",
"lastModified": "2024-11-20T23:56:05.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111171416802350\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111171416802350\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14689"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-29 13:09
Modified
2024-11-21 00:45
Severity ?
Summary
Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 3.1.9.0 | |
| cerulean_studios | trillian | 3.1.9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.9.0:*:basic:*:*:*:*:*",
"matchCriteriaId": "79B4DE7F-9854-4D56-9376-007FA794E032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.9.0:*:pro:*:*:*:*:*",
"matchCriteriaId": "F7299CCB-32EF-47E8-AFE6-A78DCC5EC9E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la caracter\u00edstica del mensaje Display Names en Cerulean Studios Trillian Basic y Pro 3.1.9.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un nickname largo en un mensaje de protocolo MSN."
}
],
"id": "CVE-2008-2008",
"lastModified": "2024-11-21T00:45:52.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-29T13:09:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29952"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3849"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/491281/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28925"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1368/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29952"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/491281/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1368/references"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 0.73 | |
| cerulean_studios | trillian | 0.725 | |
| cerulean_studios | trillian | 0.6351 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "E0376EA0-9F02-4987-A0A3-A79DE73512F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.725:*:*:*:*:*:*:*",
"matchCriteriaId": "6E747537-D974-48C6-8EAA-6B26F3FBDDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.6351:*:*:*:*:*:*:*",
"matchCriteriaId": "43DB5092-2D6E-453E-8BBF-0F1766B983D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml."
}
],
"id": "CVE-2002-2366",
"lastModified": "2024-11-20T23:43:30.683",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0334.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9999.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0334.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9999.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5601"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-03-02 05:00
Modified
2024-11-20 23:55
Severity ?
Summary
Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 3.0 | |
| cerulean_studios | trillian_pro | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E189B6C6-A516-4C23-A67F-F1505D977DB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7743FA8-9C43-4774-9FAA-DBEC02F676EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file."
}
],
"id": "CVE-2005-0633",
"lastModified": "2024-11-20T23:55:34.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-03-02T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111023000624809\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securiteam.com/exploits/5KP030KF5E.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/12703"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/0221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111023000624809\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securiteam.com/exploits/5KP030KF5E.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/12703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/0221"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other plug-ins for Trillian 2.0 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "256C630F-3F51-4825-A7AB-EE20F5B6EB66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other plug-ins for Trillian 2.0 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header."
}
],
"id": "CVE-2005-0874",
"lastModified": "2024-11-20T23:56:05.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111171416802350\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14689"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1013557"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/15004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111171416802350\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1013557"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/15004"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-07-17 22:30
Modified
2024-11-21 00:34
Severity ?
Summary
The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a full pathname in the ini field. NOTE: this can be leveraged for code execution by writing to a Startup folder.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 3.1.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC4D997-E8CB-45B7-860B-7C8BC64C2CF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the \"aim: \u0026c:\\\" substring and contains a full pathname in the ini field. NOTE: this can be leveraged for code execution by writing to a Startup folder."
},
{
"lang": "es",
"value": "El manejador del protocolo de AOL Instant Messenger (AIM) en Cerulean Studios Trillian permite a atacantes remotos crear archivos con contenido de su elecci\u00b4n a trav\u00e9s de ciertos aim: URIs, como se demostr\u00f3 con la URI que comenzaba con la subcadena \"aim: \u0026c:\\\" y contiene el nombre de ruta completo en el campo ini. NOTA: esto podr\u00eda solaparse con la ejecuci\u00f3n de c\u00f3digo a trav\u00e9s de la escritura a una carpeta Startup."
}
],
"id": "CVE-2007-3833",
"lastModified": "2024-11-21T00:34:10.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-07-17T22:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26086"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/24927"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2546"
},
{
"source": "cve@mitre.org",
"url": "http://www.xs-sniper.com/nmcfeters/Cross-App-Scripting-2.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/24927"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.xs-sniper.com/nmcfeters/Cross-App-Scripting-2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35449"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 0.73 | |
| cerulean_studios | trillian | 0.74 | |
| cerulean_studios | trillian_pro | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "E0376EA0-9F02-4987-A0A3-A79DE73512F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "03C5DC92-EE8F-43A7-8F78-58D01FA4D4A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF2FE46-C0A4-4530-9FF6-FDAA6D347E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request."
}
],
"id": "CVE-2002-2390",
"lastModified": "2024-11-20T23:43:34.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0206.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0224.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001890.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/10118.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/5733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0224.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001890.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/10118.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/5733"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-10 06:44
Modified
2024-11-21 00:54
Severity ?
Summary
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "047EC674-59D9-444A-96EC-A08067E8F80A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "65AAC782-32C6-4D83-BAF3-ABD32FF3F8E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "B04BC0A1-D2DD-4D09-8AA2-6FC779F9CC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.61:*:*:*:*:*:*:*",
"matchCriteriaId": "59F43D1E-9367-4955-9411-AF9DA5E8B153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.62:*:*:*:*:*:*:*",
"matchCriteriaId": "2E34AA38-B571-45C6-B5E1-9750F79D8B81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.63:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB4E73-6706-4BC6-85A0-DA401D922980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "1F08956C-441D-418B-A966-7C0D785BDCA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "12BB96CE-AEA5-4644-A41E-F317083B11CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "B635EEDE-6D99-4C12-ACC2-145AE3D6892B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "E0376EA0-9F02-4987-A0A3-A79DE73512F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "03C5DC92-EE8F-43A7-8F78-58D01FA4D4A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74c:*:*:*:*:*:*:*",
"matchCriteriaId": "F28B0F08-4782-4C58-8455-835FCAD6081B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74d:*:*:*:*:*:*:*",
"matchCriteriaId": "7106A436-3061-4818-B8A3-A949823154B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74e:*:*:*:*:*:*:*",
"matchCriteriaId": "C1340171-B37F-47EF-A446-3C95EE5157A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74f:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5CAF65-2E39-4CA8-B251-4E14B5BCB367",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74g:*:*:*:*:*:*:*",
"matchCriteriaId": "5A362992-03FF-413A-805B-A9C99D86F266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74i:*:*:*:*:*:*:*",
"matchCriteriaId": "9BEF2AD0-094A-4AFF-8F20-D39E8BA72EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.635:*:*:*:*:*:*:*",
"matchCriteriaId": "EFAA0CC6-4A15-41DA-BF90-46668583EE5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.725:*:*:*:*:*:*:*",
"matchCriteriaId": "6E747537-D974-48C6-8EAA-6B26F3FBDDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.6351:*:*:*:*:*:*:*",
"matchCriteriaId": "43DB5092-2D6E-453E-8BBF-0F1766B983D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B0C703-7A48-449E-8C45-FB3934D79925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:1.0:*:pro:*:*:*:*:*",
"matchCriteriaId": "A9E40FB1-B179-4E27-9680-ABAC7D9E14F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "256C630F-3F51-4825-A7AB-EE20F5B6EB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:2.0:*:pro:*:*:*:*:*",
"matchCriteriaId": "E3665E59-DD7D-4596-8437-D660AF6D4256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CDD3B6B-7AFD-4AD2-AC9A-9652010D3331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E189B6C6-A516-4C23-A67F-F1505D977DB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.0:*:basic:*:*:*:*:*",
"matchCriteriaId": "FCC63410-5FDB-444B-AF2F-F1410F7DE20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.0:*:pro:*:*:*:*:*",
"matchCriteriaId": "35A0358C-CA5C-4722-89AA-31F1189ED6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D922E4FB-BAD1-45B6-B45D-4B7A3B338EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1:*:basic:*:*:*:*:*",
"matchCriteriaId": "DB644E01-38AB-40B0-B3B9-23035A83F143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1:*:pro:*:*:*:*:*",
"matchCriteriaId": "1B65FA71-2E12-4F65-B3D0-565C3F70E4AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.0.120:*:*:*:*:*:*:*",
"matchCriteriaId": "D8694251-340A-41B1-92A7-6354FFEF6DB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.0.121:*:*:*:*:*:*:*",
"matchCriteriaId": "BA02C4B5-4866-4705-9B25-F4D867BB7D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28B0FC73-E06D-4FCE-8555-E448AE8B468A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24E329DC-435A-4201-916D-2460A18BA9F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC4D997-E8CB-45B7-860B-7C8BC64C2CF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A0967000-D0D6-479A-BBCD-E9CCE0C9686C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4392C7CE-A428-4311-BD18-46B371EDF862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "86ED2E92-F8E5-4DDC-A5FD-8B12557BC8F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.9.0:*:basic:*:*:*:*:*",
"matchCriteriaId": "79B4DE7F-9854-4D56-9376-007FA794E032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.9.0:*:pro:*:*:*:*:*",
"matchCriteriaId": "F7299CCB-32EF-47E8-AFE6-A78DCC5EC9E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23BB316B-2F3F-4E3E-967F-65383AA9D4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A800667-F882-433C-BB79-DD3D40BE922E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFE0C5F-CEEB-44D8-B949-2CEBF02AB359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF2FE46-C0A4-4530-9FF6-FDAA6D347E97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F895BBC-AD93-4B9E-9306-CF45AB6C97E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF67D526-06A8-40DA-BD53-7E31CA1BF202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7743FA8-9C43-4774-9FAA-DBEC02F676EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:3.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76895B98-D51F-42E1-8247-61AB7EF027A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:3.1_build_121:*:*:*:*:*:*:*",
"matchCriteriaId": "07C47987-82A8-4653-8AF6-3B831144BD37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceruleanstudios:trillian:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFEACE88-949A-4682-BCFE-4FBBCE02546D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceruleanstudios:trillian:3.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E7227CE5-CE2B-4B80-9CF5-137A0B101314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceruleanstudios:trillian:3.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E64CC47-F11E-4DA9-AEFE-70DF7AD4C8F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceruleanstudios:trillian_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "439FB835-1D41-49E2-953E-E774E4210D16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceruleanstudios:trillian_pro:3.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5686234A-2588-4C20-8F3A-C8E5AFA3DD7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the \"IMG SRC ID.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de doble liberaci\u00f3n en el validador en Trillian anterior a v3.1.12.0, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una expresi\u00f3n XML manipulada. Relacionado con el \"IMG SRC ID\"."
}
],
"id": "CVE-2008-5402",
"lastModified": "2024-11-21T00:54:01.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-10T06:44:41.940",
"references": [
{
"source": "cve@mitre.org",
"url": "http://blog.ceruleanstudios.com/?p=404"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50473"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33001"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4701"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/498933/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32645"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021334"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3348"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-078"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blog.ceruleanstudios.com/?p=404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/498933/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47098"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-04-02 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html | Exploit, Vendor Advisory | |
| cve@mitre.org | http://www.iss.net/security_center/static/10162.php | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/5776 | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/10162.php | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/5776 | Exploit, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 0.74 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "03C5DC92-EE8F-43A7-8F78-58D01FA4D4A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in."
},
{
"lang": "es",
"value": "El componente IRC de Trillian 0.73 y 0.74 permite a servidores IRC maliciosos causar la Denegaci\u00f3n de Servicos (DoS) (por caida) mediante un mensaje PART con:\r\n\r\nun canal desaparecido/no existente.\r\nun canal al que el usuario de Trillian no esta conectado. user is not in."
}
],
"id": "CVE-2002-1488",
"lastModified": "2024-11-20T23:41:25.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-04-02T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10162.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10162.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5776"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-08-18 04:00
Modified
2024-11-20 23:44
Severity ?
Summary
Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the "TypingUser" string has been modified.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 0.74 | |
| cerulean_studios | trillian | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "03C5DC92-EE8F-43A7-8F78-58D01FA4D4A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B0C703-7A48-449E-8C45-FB3934D79925",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the \"TypingUser\" string has been modified."
},
{
"lang": "es",
"value": "Trillian 1.0 Pro y 0.74 Freeware permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) mediente un mensaje TypingUser en el que la cadena \"TypingUser\" ha sido modificada."
}
],
"id": "CVE-2003-0520",
"lastModified": "2024-11-20T23:44:55.817",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-08-18T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=105735714318026\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=105735714318026\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8107"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing remote attackers to execute arbitrary code via a long DCC Chat message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 0.73 | |
| cerulean_studios | trillian | 0.725 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "E0376EA0-9F02-4987-A0A3-A79DE73512F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.725:*:*:*:*:*:*:*",
"matchCriteriaId": "6E747537-D974-48C6-8EAA-6B26F3FBDDA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing remote attackers to execute arbitrary code via a long DCC Chat message."
}
],
"id": "CVE-2002-2173",
"lastModified": "2024-11-20T23:43:02.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9764.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/285695"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9764.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/285695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5389"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 0.71 | |
| cerulean_studios | trillian | 0.73 | |
| cerulean_studios | trillian | 0.74 | |
| cerulean_studios | trillian | 0.725 | |
| cerulean_studios | trillian_pro | 1.0 | |
| cerulean_studios | trillian_pro | 2.0 | |
| cerulean_studios | trillian_pro | 2.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "12BB96CE-AEA5-4644-A41E-F317083B11CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "E0376EA0-9F02-4987-A0A3-A79DE73512F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "03C5DC92-EE8F-43A7-8F78-58D01FA4D4A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.725:*:*:*:*:*:*:*",
"matchCriteriaId": "6E747537-D974-48C6-8EAA-6B26F3FBDDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF2FE46-C0A4-4530-9FF6-FDAA6D347E97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F895BBC-AD93-4B9E-9306-CF45AB6C97E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian_pro:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF67D526-06A8-40DA-BD53-7E31CA1BF202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow."
}
],
"id": "CVE-2004-2304",
"lastModified": "2024-11-20T23:53:00.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.seifried.org/pipermail/security/2004-February/001869.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/10973"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.e-matters.de/advisories/022004.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1009220"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/4056"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/9489"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.seifried.org/pipermail/security/2004-February/001869.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/10973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.e-matters.de/advisories/022004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1009220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/4056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/9489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15303"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-02-04 02:02
Modified
2024-11-21 00:06
Severity ?
Summary
Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) \'d1, (2) \'d2, (3) \'d3, (4) \'d4, and (5) \'d5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 3.1.0.120 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:3.1.0.120:*:*:*:*:*:*:*",
"matchCriteriaId": "D8694251-340A-41B1-92A7-6354FFEF6DB7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) \\\u0027d1, (2) \\\u0027d2, (3) \\\u0027d3, (4) \\\u0027d4, and (5) \\\u0027d5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"id": "CVE-2006-0543",
"lastModified": "2024-11-21T00:06:42.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-02-04T02:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/22877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/22877"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-11-04 22:55
Modified
2024-11-21 01:45
Severity ?
Summary
Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2009-4831.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/51190 | Broken Link | |
| cve@mitre.org | http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf | Exploit | |
| cve@mitre.org | http://www.securityfocus.com/bid/56454 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/79915 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/51190 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/56454 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/79915 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 5.1.0.19 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:5.1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "33795CFB-6DA3-4E44-8AF4-1257F2D5E750",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2009-4831."
},
{
"lang": "es",
"value": "Trillian 5.1.0.19 no comprueba si el nombre del servidor coincide con un nombre de dominio en el nombre com\u00fan (CN) del sujeto o en el campo subjectAltName del certificado X.509, lo que permite ataques man-in-the-middle que permiten falsificar servidores SSL a trav\u00e9s de un certificado v\u00e1lido de su elecci\u00f3n. Se trata de una vulnerabilidad diferente a CVE-2009-4831."
}
],
"id": "CVE-2012-5824",
"lastModified": "2024-11-21T01:45:18.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-11-04T22:55:04.937",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/51190"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/56454"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/51190"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/56454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79915"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-04-02 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 0.73 | |
| cerulean_studios | trillian | 0.74 | |
| cerulean_studios | trillian | 0.725 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "E0376EA0-9F02-4987-A0A3-A79DE73512F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "03C5DC92-EE8F-43A7-8F78-58D01FA4D4A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.725:*:*:*:*:*:*:*",
"matchCriteriaId": "6E747537-D974-48C6-8EAA-6B26F3FBDDA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long \"raw 221\" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server."
},
{
"lang": "es",
"value": "Multiples desbordamiento de b\u00fafer en el componente IRC de Trillian 0.73 y 0.74 permite a servidores IRC remotos malintencionados causar la Denegaci\u00f3n de Servicios y posiblemente la ejecuci\u00f3n de c\u00f3digo arbitrario mediante:\r\n\r\n una respuesta larga del servidor.\r\n un JOIN con un nombre de canal largo.\r\n un mensaje largo raw 221.\r\n un PRIVMSG con un alias (nick) largo.\r\n una respuesta larga de un servidor IDENT."
}
],
"id": "CVE-2002-1486",
"lastModified": "2024-11-20T23:41:25.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-04-02T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0258.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0266.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0139.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0140.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/10150.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10151.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10163.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5765"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5769"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0258.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0266.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0139.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0140.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/10150.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10151.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10163.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5777"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-04-02 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
The AIM component of Trillian 0.73 and 0.74 allows remote attackers to cause a denial of service (crash) via certain strings such as "P > O < C".
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2002-09/0282.html | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/5783 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2002-09/0282.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/5783 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cerulean_studios | trillian | 0.73 | |
| cerulean_studios | trillian | 0.74 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "E0376EA0-9F02-4987-A0A3-A79DE73512F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cerulean_studios:trillian:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "03C5DC92-EE8F-43A7-8F78-58D01FA4D4A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AIM component of Trillian 0.73 and 0.74 allows remote attackers to cause a denial of service (crash) via certain strings such as \"P \u003e O \u003c C\"."
},
{
"lang": "es",
"value": "El componente AIM de Trillian 0.73 y 0.74 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante determinadas cadenas de caracteres tales como \"P \u003e O \u003c C\"."
}
],
"id": "CVE-2002-1485",
"lastModified": "2024-11-20T23:41:25.117",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-04-02T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0282.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0282.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5783"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2008-2409
Vulnerability from cvelistv5
Published
2008-05-23 15:00
Modified
2024-08-07 08:58
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-08-031/ | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2008/1622 | vdb-entry, x_refsource_VUPEN | |
| http://securitytracker.com/id?1020106 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/29330 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/30336 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42576 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2008-05/0285.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:02.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-031/"
},
{
"name": "ADV-2008-1622",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1622"
},
{
"name": "1020106",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020106"
},
{
"name": "29330",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29330"
},
{
"name": "30336",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30336"
},
{
"name": "trillian-msn-protocol-bo(42576)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42576"
},
{
"name": "20080521 ZDI-08-031: Trillian MSN MIME Header Stack-Based Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-05/0285.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-031/"
},
{
"name": "ADV-2008-1622",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1622"
},
{
"name": "1020106",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020106"
},
{
"name": "29330",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29330"
},
{
"name": "30336",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30336"
},
{
"name": "trillian-msn-protocol-bo(42576)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42576"
},
{
"name": "20080521 ZDI-08-031: Trillian MSN MIME Header Stack-Based Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-05/0285.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-031/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-031/"
},
{
"name": "ADV-2008-1622",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1622"
},
{
"name": "1020106",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020106"
},
{
"name": "29330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29330"
},
{
"name": "30336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30336"
},
{
"name": "trillian-msn-protocol-bo(42576)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42576"
},
{
"name": "20080521 ZDI-08-031: Trillian MSN MIME Header Stack-Based Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-05/0285.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2409",
"datePublished": "2008-05-23T15:00:00",
"dateReserved": "2008-05-22T00:00:00",
"dateUpdated": "2024-08-07T08:58:02.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4831
Vulnerability from cvelistv5
Published
2010-04-29 19:00
Modified
2024-08-07 07:17
Severity ?
EPSS score ?
Summary
Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/35620 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/504573/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/51400 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/35509 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35620",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35620"
},
{
"name": "20090626 Trillian SSL Certificate Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504573/100/0/threaded"
},
{
"name": "trillian-ssl-security-bypass(51400)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51400"
},
{
"name": "35509",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35509"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35620",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35620"
},
{
"name": "20090626 Trillian SSL Certificate Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504573/100/0/threaded"
},
{
"name": "trillian-ssl-security-bypass(51400)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51400"
},
{
"name": "35509",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35509"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35620"
},
{
"name": "20090626 Trillian SSL Certificate Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504573/100/0/threaded"
},
{
"name": "trillian-ssl-security-bypass(51400)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51400"
},
{
"name": "35509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35509"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4831",
"datePublished": "2010-04-29T19:00:00",
"dateReserved": "2010-04-29T00:00:00",
"dateUpdated": "2024-08-07T07:17:25.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5401
Vulnerability from cvelistv5
Published
2008-12-09 11:00
Modified
2024-08-07 10:49
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1021335 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/32645 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/47093 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/50472 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2008/3348 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/498932/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/4700 | third-party-advisory, x_refsource_SREASON | |
| http://secunia.com/advisories/33001 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.zerodayinitiative.com/advisories/ZDI-08-077 | x_refsource_MISC | |
| http://blog.ceruleanstudios.com/?p=404 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1021335",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021335"
},
{
"name": "32645",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32645"
},
{
"name": "trillian-xmltags-bo(47093)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47093"
},
{
"name": "50472",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50472"
},
{
"name": "ADV-2008-3348",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3348"
},
{
"name": "20081205 ZDI-08-077: Trillian AIM IMG Tag Parsing Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498932/100/0/threaded"
},
{
"name": "4700",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4700"
},
{
"name": "33001",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33001"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.ceruleanstudios.com/?p=404"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to \"AIM IMG Tag Parsing.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1021335",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021335"
},
{
"name": "32645",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32645"
},
{
"name": "trillian-xmltags-bo(47093)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47093"
},
{
"name": "50472",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50472"
},
{
"name": "ADV-2008-3348",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3348"
},
{
"name": "20081205 ZDI-08-077: Trillian AIM IMG Tag Parsing Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498932/100/0/threaded"
},
{
"name": "4700",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4700"
},
{
"name": "33001",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33001"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.ceruleanstudios.com/?p=404"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to \"AIM IMG Tag Parsing.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1021335",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021335"
},
{
"name": "32645",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32645"
},
{
"name": "trillian-xmltags-bo(47093)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47093"
},
{
"name": "50472",
"refsource": "OSVDB",
"url": "http://osvdb.org/50472"
},
{
"name": "ADV-2008-3348",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3348"
},
{
"name": "20081205 ZDI-08-077: Trillian AIM IMG Tag Parsing Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498932/100/0/threaded"
},
{
"name": "4700",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4700"
},
{
"name": "33001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33001"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-077",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-077"
},
{
"name": "http://blog.ceruleanstudios.com/?p=404",
"refsource": "MISC",
"url": "http://blog.ceruleanstudios.com/?p=404"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5401",
"datePublished": "2008-12-09T11:00:00",
"dateReserved": "2008-12-08T00:00:00",
"dateUpdated": "2024-08-07T10:49:12.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0520
Vulnerability from cvelistv5
Published
2003-07-10 04:00
Modified
2024-08-08 01:58
Severity ?
EPSS score ?
Summary
Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the "TypingUser" string has been modified.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=105735714318026&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/8107 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:11.127Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030704 Trillian Remote DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105735714318026\u0026w=2"
},
{
"name": "8107",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-07-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the \"TypingUser\" string has been modified."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030704 Trillian Remote DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105735714318026\u0026w=2"
},
{
"name": "8107",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8107"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the \"TypingUser\" string has been modified."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030704 Trillian Remote DoS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105735714318026\u0026w=2"
},
{
"name": "8107",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8107"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0520",
"datePublished": "2003-07-10T04:00:00",
"dateReserved": "2003-07-08T00:00:00",
"dateUpdated": "2024-08-08T01:58:11.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1486
Vulnerability from cvelistv5
Published
2003-03-18 05:00
Modified
2024-08-08 03:26
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/5777 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/bid/5769 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/bid/5765 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/10151.php | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/bugtraq/2002-09/0266.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/10163.php | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2002-09/0258.html | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0139.html | mailing-list, x_refsource_NTBUGTRAQ | |
| http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0140.html | mailing-list, x_refsource_NTBUGTRAQ | |
| http://www.iss.net/security_center/static/10150.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:26:28.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5777",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5777"
},
{
"name": "5769",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5769"
},
{
"name": "5765",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5765"
},
{
"name": "trillian-raw221-bo(10151)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10151.php"
},
{
"name": "20020922 *sigh* Trillian multiple DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html"
},
{
"name": "20020921 And Again. Trillian \u0027raw 221\u0027 Overflow.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0266.html"
},
{
"name": "trillian-irc-server-bo(10163)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10163.php"
},
{
"name": "20020920 Yet Another. Trillian \u0027JOIN\u0027 Overflow.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0258.html"
},
{
"name": "20020914 Trillian .74 and below, ident flaw.",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0139.html"
},
{
"name": "20020919 Trillian .73 \u0026 .74 \"PRIVMSG\" Overflow.",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0140.html"
},
{
"name": "trillian-irc-join-bo(10150)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10150.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long \"raw 221\" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-21T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5777",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5777"
},
{
"name": "5769",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5769"
},
{
"name": "5765",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5765"
},
{
"name": "trillian-raw221-bo(10151)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10151.php"
},
{
"name": "20020922 *sigh* Trillian multiple DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html"
},
{
"name": "20020921 And Again. Trillian \u0027raw 221\u0027 Overflow.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0266.html"
},
{
"name": "trillian-irc-server-bo(10163)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10163.php"
},
{
"name": "20020920 Yet Another. Trillian \u0027JOIN\u0027 Overflow.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0258.html"
},
{
"name": "20020914 Trillian .74 and below, ident flaw.",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0139.html"
},
{
"name": "20020919 Trillian .73 \u0026 .74 \"PRIVMSG\" Overflow.",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0140.html"
},
{
"name": "trillian-irc-join-bo(10150)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10150.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long \"raw 221\" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5777"
},
{
"name": "5769",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5769"
},
{
"name": "5765",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5765"
},
{
"name": "trillian-raw221-bo(10151)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10151.php"
},
{
"name": "20020922 *sigh* Trillian multiple DoS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html"
},
{
"name": "20020921 And Again. Trillian \u0027raw 221\u0027 Overflow.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0266.html"
},
{
"name": "trillian-irc-server-bo(10163)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10163.php"
},
{
"name": "20020920 Yet Another. Trillian \u0027JOIN\u0027 Overflow.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0258.html"
},
{
"name": "20020914 Trillian .74 and below, ident flaw.",
"refsource": "NTBUGTRAQ",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0139.html"
},
{
"name": "20020919 Trillian .73 \u0026 .74 \"PRIVMSG\" Overflow.",
"refsource": "NTBUGTRAQ",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0140.html"
},
{
"name": "trillian-irc-join-bo(10150)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10150.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1486",
"datePublished": "2003-03-18T05:00:00",
"dateReserved": "2003-02-05T00:00:00",
"dateUpdated": "2024-08-08T03:26:28.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0874
Vulnerability from cvelistv5
Published
2005-03-26 05:00
Modified
2024-08-07 21:28
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other plug-ins for Trillian 2.0 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/15004 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1013557 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/14689 | third-party-advisory, x_refsource_SECUNIA | |
| http://marc.info/?l=bugtraq&m=111171416802350&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:28.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15004",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/15004"
},
{
"name": "1013557",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013557"
},
{
"name": "14689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14689"
},
{
"name": "20050324 LogicLibrary BugScan VSR,Trillian 2.0, 3.0 and 3.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111171416802350\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other plug-ins for Trillian 2.0 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15004",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/15004"
},
{
"name": "1013557",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013557"
},
{
"name": "14689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14689"
},
{
"name": "20050324 LogicLibrary BugScan VSR,Trillian 2.0, 3.0 and 3.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111171416802350\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other plug-ins for Trillian 2.0 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15004",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15004"
},
{
"name": "1013557",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013557"
},
{
"name": "14689",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14689"
},
{
"name": "20050324 LogicLibrary BugScan VSR,Trillian 2.0, 3.0 and 3.1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111171416802350\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0874",
"datePublished": "2005-03-26T05:00:00",
"dateReserved": "2005-03-26T00:00:00",
"dateUpdated": "2024-08-07T21:28:28.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1487
Vulnerability from cvelistv5
Published
2003-03-18 05:00
Modified
2024-08-08 03:26
Severity ?
EPSS score ?
Summary
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and (15) 367.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/5775 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/10161.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:26:28.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020922 *sigh* Trillian multiple DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html"
},
{
"name": "5775",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5775"
},
{
"name": "trillian-irc-raw-dos(10161)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10161.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and (15) 367."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-21T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020922 *sigh* Trillian multiple DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html"
},
{
"name": "5775",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5775"
},
{
"name": "trillian-irc-raw-dos(10161)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10161.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and (15) 367."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020922 *sigh* Trillian multiple DoS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html"
},
{
"name": "5775",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5775"
},
{
"name": "trillian-irc-raw-dos(10161)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10161.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1487",
"datePublished": "2003-03-18T05:00:00",
"dateReserved": "2003-02-05T00:00:00",
"dateUpdated": "2024-08-08T03:26:28.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3141
Vulnerability from cvelistv5
Published
2005-10-05 04:00
Modified
2024-08-07 23:01
Severity ?
EPSS score ?
Summary
Cerulean Studios Trillian 3.0 allows remote attackers to cause a denial of service (crash) via a reverse direct connection from a different client, as demonstrated using LICQ.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/20006 | vdb-entry, x_refsource_OSVDB | |
| http://sourceforge.net/mailarchive/forum.php?thread_id=8315933&forum_id=5420 | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=112837909626441&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://ceruleanstudios.com/forums/showthread.php?s=84987af3601384b1dc7ea1f36b237c9c&threadid=64889 | x_refsource_MISC | |
| http://securityreason.com/securityalert/43 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:59.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20006",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20006"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_id=8315933\u0026forum_id=5420"
},
{
"name": "20051003 Trillian remote crashable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112837909626441\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ceruleanstudios.com/forums/showthread.php?s=84987af3601384b1dc7ea1f36b237c9c\u0026threadid=64889"
},
{
"name": "43",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cerulean Studios Trillian 3.0 allows remote attackers to cause a denial of service (crash) via a reverse direct connection from a different client, as demonstrated using LICQ."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20006",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20006"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_id=8315933\u0026forum_id=5420"
},
{
"name": "20051003 Trillian remote crashable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112837909626441\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ceruleanstudios.com/forums/showthread.php?s=84987af3601384b1dc7ea1f36b237c9c\u0026threadid=64889"
},
{
"name": "43",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/43"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cerulean Studios Trillian 3.0 allows remote attackers to cause a denial of service (crash) via a reverse direct connection from a different client, as demonstrated using LICQ."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20006",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20006"
},
{
"name": "http://sourceforge.net/mailarchive/forum.php?thread_id=8315933\u0026forum_id=5420",
"refsource": "MISC",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_id=8315933\u0026forum_id=5420"
},
{
"name": "20051003 Trillian remote crashable",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112837909626441\u0026w=2"
},
{
"name": "http://ceruleanstudios.com/forums/showthread.php?s=84987af3601384b1dc7ea1f36b237c9c\u0026threadid=64889",
"refsource": "MISC",
"url": "http://ceruleanstudios.com/forums/showthread.php?s=84987af3601384b1dc7ea1f36b237c9c\u0026threadid=64889"
},
{
"name": "43",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/43"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3141",
"datePublished": "2005-10-05T04:00:00",
"dateReserved": "2005-10-05T00:00:00",
"dateUpdated": "2024-08-07T23:01:59.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0633
Vulnerability from cvelistv5
Published
2005-03-04 05:00
Modified
2024-08-07 21:21
Severity ?
EPSS score ?
Summary
Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2005/0221 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/12703 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=111023000624809&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securiteam.com/exploits/5KP030KF5E.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:21:06.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2005-0221",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0221"
},
{
"name": "12703",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12703"
},
{
"name": "20050306 See-security advisory: Trillian Basic 3.0 PNG Processing Buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111023000624809\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/exploits/5KP030KF5E.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2005-0221",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0221"
},
{
"name": "12703",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12703"
},
{
"name": "20050306 See-security advisory: Trillian Basic 3.0 PNG Processing Buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111023000624809\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/exploits/5KP030KF5E.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-0221",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0221"
},
{
"name": "12703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12703"
},
{
"name": "20050306 See-security advisory: Trillian Basic 3.0 PNG Processing Buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111023000624809\u0026w=2"
},
{
"name": "http://www.securiteam.com/exploits/5KP030KF5E.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/exploits/5KP030KF5E.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0633",
"datePublished": "2005-03-04T05:00:00",
"dateReserved": "2005-03-04T00:00:00",
"dateUpdated": "2024-08-07T21:21:06.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0543
Vulnerability from cvelistv5
Published
2006-02-04 02:00
Modified
2024-09-16 23:45
Severity ?
EPSS score ?
Summary
Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) \'d1, (2) \'d2, (3) \'d3, (4) \'d4, and (5) \'d5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/22877 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:28.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22877",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) \\\u0027d1, (2) \\\u0027d2, (3) \\\u0027d3, (4) \\\u0027d4, and (5) \\\u0027d5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-02-04T02:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22877",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22877"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) \\\u0027d1, (2) \\\u0027d2, (3) \\\u0027d3, (4) \\\u0027d4, and (5) \\\u0027d5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22877",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22877"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0543",
"datePublished": "2006-02-04T02:00:00Z",
"dateReserved": "2006-02-04T00:00:00Z",
"dateUpdated": "2024-09-16T23:45:55.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-2479
Vulnerability from cvelistv5
Published
2007-05-03 00:00
Modified
2024-08-07 13:42
Severity ?
EPSS score ?
Summary
Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/25086 | third-party-advisory, x_refsource_SECUNIA | |
| http://blog.ceruleanstudios.com/?p=131 | x_refsource_CONFIRM | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=522 | third-party-advisory, x_refsource_IDEFENSE | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33983 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id?1017982 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/23730 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/35722 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2007/1596 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:32.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25086"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.ceruleanstudios.com/?p=131"
},
{
"name": "20070501 Cerulean Studios Trillian Multiple IRC Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=522"
},
{
"name": "trillian-ctcpping-information-disclosure(33983)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33983"
},
{
"name": "1017982",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017982"
},
{
"name": "23730",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23730"
},
{
"name": "35722",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35722"
},
{
"name": "ADV-2007-1596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1596"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25086"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.ceruleanstudios.com/?p=131"
},
{
"name": "20070501 Cerulean Studios Trillian Multiple IRC Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=522"
},
{
"name": "trillian-ctcpping-information-disclosure(33983)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33983"
},
{
"name": "1017982",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017982"
},
{
"name": "23730",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23730"
},
{
"name": "35722",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35722"
},
{
"name": "ADV-2007-1596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1596"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25086"
},
{
"name": "http://blog.ceruleanstudios.com/?p=131",
"refsource": "CONFIRM",
"url": "http://blog.ceruleanstudios.com/?p=131"
},
{
"name": "20070501 Cerulean Studios Trillian Multiple IRC Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=522"
},
{
"name": "trillian-ctcpping-information-disclosure(33983)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33983"
},
{
"name": "1017982",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017982"
},
{
"name": "23730",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23730"
},
{
"name": "35722",
"refsource": "OSVDB",
"url": "http://osvdb.org/35722"
},
{
"name": "ADV-2007-1596",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1596"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2479",
"datePublished": "2007-05-03T00:00:00",
"dateReserved": "2007-05-02T00:00:00",
"dateUpdated": "2024-08-07T13:42:32.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1666
Vulnerability from cvelistv5
Published
2005-02-20 05:00
Modified
2024-08-08 01:00
Severity ?
EPSS score ?
Summary
Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17292 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/11142 | vdb-entry, x_refsource_BID | |
| http://unsecure.altervista.org/security/trillian.htm | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=109466618609375&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://unsecure.altervista.org/security/trillianbof.c | x_refsource_MISC | |
| http://secunia.com/advisories/12487 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "trillian-msn-bo(17292)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17292"
},
{
"name": "11142",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11142"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://unsecure.altervista.org/security/trillian.htm"
},
{
"name": "20040908 Cerulean Studios Trillian 0.74i Buffer Overflow in MSN module exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109466618609375\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://unsecure.altervista.org/security/trillianbof.c"
},
{
"name": "12487",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12487"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "trillian-msn-bo(17292)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17292"
},
{
"name": "11142",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11142"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://unsecure.altervista.org/security/trillian.htm"
},
{
"name": "20040908 Cerulean Studios Trillian 0.74i Buffer Overflow in MSN module exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109466618609375\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://unsecure.altervista.org/security/trillianbof.c"
},
{
"name": "12487",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12487"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "trillian-msn-bo(17292)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17292"
},
{
"name": "11142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11142"
},
{
"name": "http://unsecure.altervista.org/security/trillian.htm",
"refsource": "MISC",
"url": "http://unsecure.altervista.org/security/trillian.htm"
},
{
"name": "20040908 Cerulean Studios Trillian 0.74i Buffer Overflow in MSN module exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109466618609375\u0026w=2"
},
{
"name": "http://unsecure.altervista.org/security/trillianbof.c",
"refsource": "MISC",
"url": "http://unsecure.altervista.org/security/trillianbof.c"
},
{
"name": "12487",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12487"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1666",
"datePublished": "2005-02-20T05:00:00",
"dateReserved": "2005-02-21T00:00:00",
"dateUpdated": "2024-08-08T01:00:37.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0875
Vulnerability from cvelistv5
Published
2005-03-26 05:00
Modified
2024-08-07 21:28
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/14689 | third-party-advisory, x_refsource_SECUNIA | |
| http://marc.info/?l=bugtraq&m=111171416802350&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:28.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14689"
},
{
"name": "20050324 LogicLibrary BugScan VSR,Trillian 2.0, 3.0 and 3.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111171416802350\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14689"
},
{
"name": "20050324 LogicLibrary BugScan VSR,Trillian 2.0, 3.0 and 3.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111171416802350\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14689",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14689"
},
{
"name": "20050324 LogicLibrary BugScan VSR,Trillian 2.0, 3.0 and 3.1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111171416802350\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0875",
"datePublished": "2005-03-26T05:00:00",
"dateReserved": "2005-03-26T00:00:00",
"dateUpdated": "2024-08-07T21:28:28.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3305
Vulnerability from cvelistv5
Published
2007-06-21 00:38
Modified
2024-08-07 14:14
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/187033 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.vupen.com/english/advisories/2007/2246 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34918 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/24523 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1018265 | vdb-entry, x_refsource_SECTRACK | |
| http://blog.ceruleanstudios.com/?p=150 | x_refsource_CONFIRM | |
| http://osvdb.org/37446 | vdb-entry, x_refsource_OSVDB | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=545 | third-party-advisory, x_refsource_IDEFENSE | |
| http://secunia.com/advisories/25736 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#187033",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/187033"
},
{
"name": "ADV-2007-2246",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2246"
},
{
"name": "trillian-utf8-bo(34918)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34918"
},
{
"name": "24523",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24523"
},
{
"name": "1018265",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018265"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.ceruleanstudios.com/?p=150"
},
{
"name": "37446",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37446"
},
{
"name": "20070618 Cerulean Studios Trillian UTF-8 Word Wrap Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=545"
},
{
"name": "25736",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25736"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#187033",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/187033"
},
{
"name": "ADV-2007-2246",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2246"
},
{
"name": "trillian-utf8-bo(34918)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34918"
},
{
"name": "24523",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24523"
},
{
"name": "1018265",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018265"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.ceruleanstudios.com/?p=150"
},
{
"name": "37446",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37446"
},
{
"name": "20070618 Cerulean Studios Trillian UTF-8 Word Wrap Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=545"
},
{
"name": "25736",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25736"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#187033",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/187033"
},
{
"name": "ADV-2007-2246",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2246"
},
{
"name": "trillian-utf8-bo(34918)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34918"
},
{
"name": "24523",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24523"
},
{
"name": "1018265",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018265"
},
{
"name": "http://blog.ceruleanstudios.com/?p=150",
"refsource": "CONFIRM",
"url": "http://blog.ceruleanstudios.com/?p=150"
},
{
"name": "37446",
"refsource": "OSVDB",
"url": "http://osvdb.org/37446"
},
{
"name": "20070618 Cerulean Studios Trillian UTF-8 Word Wrap Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=545"
},
{
"name": "25736",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25736"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3305",
"datePublished": "2007-06-21T00:38:00",
"dateReserved": "2007-06-20T00:00:00",
"dateUpdated": "2024-08-07T14:14:12.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2173
Vulnerability from cvelistv5
Published
2005-11-16 21:17
Modified
2024-09-16 23:41
Severity ?
EPSS score ?
Summary
Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing remote attackers to execute arbitrary code via a long DCC Chat message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/5389 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/285695 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/9764.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:51:17.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5389",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5389"
},
{
"name": "20020801 Two more exploitable holes in the trillian irc module",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/285695"
},
{
"name": "trillian-irc-dcc-bo(9764)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9764.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing remote attackers to execute arbitrary code via a long DCC Chat message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-16T21:17:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5389",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5389"
},
{
"name": "20020801 Two more exploitable holes in the trillian irc module",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/285695"
},
{
"name": "trillian-irc-dcc-bo(9764)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9764.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing remote attackers to execute arbitrary code via a long DCC Chat message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5389",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5389"
},
{
"name": "20020801 Two more exploitable holes in the trillian irc module",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/285695"
},
{
"name": "trillian-irc-dcc-bo(9764)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9764.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2173",
"datePublished": "2005-11-16T21:17:00Z",
"dateReserved": "2005-11-16T00:00:00Z",
"dateUpdated": "2024-09-16T23:41:37.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2366
Vulnerability from cvelistv5
Published
2007-10-31 16:00
Modified
2024-09-17 02:52
Severity ?
EPSS score ?
Summary
Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2002-08/0334.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/9999.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/5601 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020831 Trillian XML parser buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0334.html"
},
{
"name": "trillian-xml-parser-bo(9999)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9999.php"
},
{
"name": "5601",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-31T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020831 Trillian XML parser buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0334.html"
},
{
"name": "trillian-xml-parser-bo(9999)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9999.php"
},
{
"name": "5601",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020831 Trillian XML parser buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0334.html"
},
{
"name": "trillian-xml-parser-bo(9999)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9999.php"
},
{
"name": "5601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2366",
"datePublished": "2007-10-31T16:00:00Z",
"dateReserved": "2007-10-31T00:00:00Z",
"dateUpdated": "2024-09-17T02:52:08.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2156
Vulnerability from cvelistv5
Published
2005-11-16 21:17
Modified
2024-09-16 23:50
Severity ?
EPSS score ?
Summary
Buffer overflow in Trillian 0.73 allows remote IRC servers to execute arbitrary code via a long PING response.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/285695 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/285639 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:51:17.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020801 Two more exploitable holes in the trillian irc module",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/285695"
},
{
"name": "20020801 trillian buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/285639"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Trillian 0.73 allows remote IRC servers to execute arbitrary code via a long PING response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-16T21:17:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020801 Two more exploitable holes in the trillian irc module",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/285695"
},
{
"name": "20020801 trillian buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/285639"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Trillian 0.73 allows remote IRC servers to execute arbitrary code via a long PING response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020801 Two more exploitable holes in the trillian irc module",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/285695"
},
{
"name": "20020801 trillian buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/285639"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2156",
"datePublished": "2005-11-16T21:17:00Z",
"dateReserved": "2005-11-16T00:00:00Z",
"dateUpdated": "2024-09-16T23:50:56.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3833
Vulnerability from cvelistv5
Published
2007-07-17 22:00
Modified
2024-08-07 14:28
Severity ?
EPSS score ?
Summary
The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a full pathname in the ini field. NOTE: this can be leveraged for code execution by writing to a Startup folder.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2007/2546 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/26086 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.xs-sniper.com/nmcfeters/Cross-App-Scripting-2.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/24927 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35449 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2546",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2546"
},
{
"name": "26086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26086"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xs-sniper.com/nmcfeters/Cross-App-Scripting-2.html"
},
{
"name": "24927",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24927"
},
{
"name": "trillian-aim-file-create(35449)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35449"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the \"aim: \u0026c:\\\" substring and contains a full pathname in the ini field. NOTE: this can be leveraged for code execution by writing to a Startup folder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2546",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2546"
},
{
"name": "26086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26086"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xs-sniper.com/nmcfeters/Cross-App-Scripting-2.html"
},
{
"name": "24927",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24927"
},
{
"name": "trillian-aim-file-create(35449)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35449"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the \"aim: \u0026c:\\\" substring and contains a full pathname in the ini field. NOTE: this can be leveraged for code execution by writing to a Startup folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2546",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2546"
},
{
"name": "26086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26086"
},
{
"name": "http://www.xs-sniper.com/nmcfeters/Cross-App-Scripting-2.html",
"refsource": "MISC",
"url": "http://www.xs-sniper.com/nmcfeters/Cross-App-Scripting-2.html"
},
{
"name": "24927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24927"
},
{
"name": "trillian-aim-file-create(35449)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35449"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3833",
"datePublished": "2007-07-17T22:00:00",
"dateReserved": "2007-07-17T00:00:00",
"dateUpdated": "2024-08-07T14:28:52.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2390
Vulnerability from cvelistv5
Published
2007-10-31 16:00
Modified
2024-09-16 20:16
Severity ?
EPSS score ?
Summary
Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2002-09/0224.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/5733 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2002-09/0206.html | mailing-list, x_refsource_BUGTRAQ | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001890.html | mailing-list, x_refsource_FULLDISC | |
| http://www.iss.net/security_center/static/10118.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020918 trillian DoS: trillian 1.0 pro also vulnerable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0224.html"
},
{
"name": "5733",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5733"
},
{
"name": "20020918 Trillian .74 and below, ident flaw.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0206.html"
},
{
"name": "20020917 Trillian .74 and below, ident flaw.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001890.html"
},
{
"name": "trillian-identd-bo(10118)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10118.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-31T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020918 trillian DoS: trillian 1.0 pro also vulnerable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0224.html"
},
{
"name": "5733",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5733"
},
{
"name": "20020918 Trillian .74 and below, ident flaw.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0206.html"
},
{
"name": "20020917 Trillian .74 and below, ident flaw.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001890.html"
},
{
"name": "trillian-identd-bo(10118)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10118.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020918 trillian DoS: trillian 1.0 pro also vulnerable",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0224.html"
},
{
"name": "5733",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5733"
},
{
"name": "20020918 Trillian .74 and below, ident flaw.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0206.html"
},
{
"name": "20020917 Trillian .74 and below, ident flaw.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001890.html"
},
{
"name": "trillian-identd-bo(10118)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10118.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2390",
"datePublished": "2007-10-31T16:00:00Z",
"dateReserved": "2007-10-31T00:00:00Z",
"dateUpdated": "2024-09-16T20:16:17.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1419
Vulnerability from cvelistv5
Published
2005-03-20 05:00
Modified
2024-08-08 04:58
Severity ?
EPSS score ?
Summary
AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/507771 | third-party-advisory, x_refsource_CERT-VN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7233 | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/JARL-56TPTN | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/3398 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/247707 | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/bugtraq/2001-10/0014.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#507771",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/507771"
},
{
"name": "aim-html-comments-dos(7233)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7233"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/JARL-56TPTN"
},
{
"name": "3398",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3398"
},
{
"name": "20011230 Windows AIM Client Exploits",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/247707"
},
{
"name": "20011002 AIM 0day DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of \"\u003c!--\" HTML comments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#507771",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/507771"
},
{
"name": "aim-html-comments-dos(7233)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7233"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/JARL-56TPTN"
},
{
"name": "3398",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3398"
},
{
"name": "20011230 Windows AIM Client Exploits",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/247707"
},
{
"name": "20011002 AIM 0day DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0014.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of \"\u003c!--\" HTML comments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#507771",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/507771"
},
{
"name": "aim-html-comments-dos(7233)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7233"
},
{
"name": "http://www.kb.cert.org/vuls/id/JARL-56TPTN",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/JARL-56TPTN"
},
{
"name": "3398",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3398"
},
{
"name": "20011230 Windows AIM Client Exploits",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/247707"
},
{
"name": "20011002 AIM 0day DoS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0014.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1419",
"datePublished": "2005-03-20T05:00:00",
"dateReserved": "2005-03-20T00:00:00",
"dateUpdated": "2024-08-08T04:58:11.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5402
Vulnerability from cvelistv5
Published
2008-12-09 11:00
Modified
2024-08-07 10:49
Severity ?
EPSS score ?
Summary
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityreason.com/securityalert/4701 | third-party-advisory, x_refsource_SREASON | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/47098 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id?1021334 | vdb-entry, x_refsource_SECTRACK | |
| http://osvdb.org/50473 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/32645 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2008/3348 | vdb-entry, x_refsource_VUPEN | |
| http://www.zerodayinitiative.com/advisories/ZDI-08-078 | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/498933/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/33001 | third-party-advisory, x_refsource_SECUNIA | |
| http://blog.ceruleanstudios.com/?p=404 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4701",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4701"
},
{
"name": "trillian-xml-code-execution(47098)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47098"
},
{
"name": "1021334",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021334"
},
{
"name": "50473",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50473"
},
{
"name": "32645",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32645"
},
{
"name": "ADV-2008-3348",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3348"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-078"
},
{
"name": "20081205 ZDI-08-078: Trillian IMG SRC ID Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498933/100/0/threaded"
},
{
"name": "33001",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33001"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.ceruleanstudios.com/?p=404"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the \"IMG SRC ID.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4701",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4701"
},
{
"name": "trillian-xml-code-execution(47098)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47098"
},
{
"name": "1021334",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021334"
},
{
"name": "50473",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50473"
},
{
"name": "32645",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32645"
},
{
"name": "ADV-2008-3348",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3348"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-078"
},
{
"name": "20081205 ZDI-08-078: Trillian IMG SRC ID Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498933/100/0/threaded"
},
{
"name": "33001",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33001"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.ceruleanstudios.com/?p=404"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the \"IMG SRC ID.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4701",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4701"
},
{
"name": "trillian-xml-code-execution(47098)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47098"
},
{
"name": "1021334",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021334"
},
{
"name": "50473",
"refsource": "OSVDB",
"url": "http://osvdb.org/50473"
},
{
"name": "32645",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32645"
},
{
"name": "ADV-2008-3348",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3348"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-078",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-078"
},
{
"name": "20081205 ZDI-08-078: Trillian IMG SRC ID Memory Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498933/100/0/threaded"
},
{
"name": "33001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33001"
},
{
"name": "http://blog.ceruleanstudios.com/?p=404",
"refsource": "MISC",
"url": "http://blog.ceruleanstudios.com/?p=404"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5402",
"datePublished": "2008-12-09T11:00:00",
"dateReserved": "2008-12-08T00:00:00",
"dateUpdated": "2024-08-07T10:49:12.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5824
Vulnerability from cvelistv5
Published
2012-11-04 22:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2009-4831.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/79915 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/51190 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf | x_refsource_MISC | |
| http://www.securityfocus.com/bid/56454 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:26.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "trillian-ssl-spoofing(79915)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79915"
},
{
"name": "51190",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51190"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
},
{
"name": "56454",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56454"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2009-4831."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "trillian-ssl-spoofing(79915)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79915"
},
{
"name": "51190",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51190"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
},
{
"name": "56454",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56454"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2009-4831."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "trillian-ssl-spoofing(79915)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79915"
},
{
"name": "51190",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51190"
},
{
"name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
"refsource": "MISC",
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
},
{
"name": "56454",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56454"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5824",
"datePublished": "2012-11-04T22:00:00",
"dateReserved": "2012-11-04T00:00:00",
"dateUpdated": "2024-08-06T21:21:26.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1485
Vulnerability from cvelistv5
Published
2003-03-18 05:00
Modified
2024-08-08 03:26
Severity ?
EPSS score ?
Summary
The AIM component of Trillian 0.73 and 0.74 allows remote attackers to cause a denial of service (crash) via certain strings such as "P > O < C".
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2002-09/0282.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/5783 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:26:28.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020923 Trillian Remote DoS Attack - AIM",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0282.html"
},
{
"name": "5783",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5783"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-09-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The AIM component of Trillian 0.73 and 0.74 allows remote attackers to cause a denial of service (crash) via certain strings such as \"P \u003e O \u003c C\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-02T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020923 Trillian Remote DoS Attack - AIM",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0282.html"
},
{
"name": "5783",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5783"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AIM component of Trillian 0.73 and 0.74 allows remote attackers to cause a denial of service (crash) via certain strings such as \"P \u003e O \u003c C\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020923 Trillian Remote DoS Attack - AIM",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0282.html"
},
{
"name": "5783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5783"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1485",
"datePublished": "2003-03-18T05:00:00",
"dateReserved": "2003-02-05T00:00:00",
"dateUpdated": "2024-08-08T03:26:28.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1488
Vulnerability from cvelistv5
Published
2003-03-18 05:00
Modified
2024-08-08 03:26
Severity ?
EPSS score ?
Summary
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/5776 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/10162.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:26:28.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020922 *sigh* Trillian multiple DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html"
},
{
"name": "5776",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5776"
},
{
"name": "trillian-part-message-dos(10162)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10162.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-21T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020922 *sigh* Trillian multiple DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html"
},
{
"name": "5776",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5776"
},
{
"name": "trillian-part-message-dos(10162)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10162.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020922 *sigh* Trillian multiple DoS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html"
},
{
"name": "5776",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5776"
},
{
"name": "trillian-part-message-dos(10162)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10162.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1488",
"datePublished": "2003-03-18T05:00:00",
"dateReserved": "2003-02-05T00:00:00",
"dateUpdated": "2024-08-08T03:26:28.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2370
Vulnerability from cvelistv5
Published
2005-08-16 04:00
Modified
2024-08-08 01:22
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows remote attackers to execute arbitrary code via a Yahoo Messenger packet with a long key name.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/10973/ | third-party-advisory, x_refsource_SECUNIA | |
| http://security.e-matters.de/advisories/022004.html | x_refsource_MISC | |
| http://www.osvdb.org/4060 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15304 | vdb-entry, x_refsource_XF | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017766.html | mailing-list, x_refsource_FULLDISC | |
| http://securitytracker.com/id?1009220 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10973",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10973/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.e-matters.de/advisories/022004.html"
},
{
"name": "4060",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4060"
},
{
"name": "trillian-key-name-bo(15304)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15304"
},
{
"name": "20040224 Advisory 02/2004: Trillian remote overflows",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017766.html"
},
{
"name": "1009220",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1009220"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows remote attackers to execute arbitrary code via a Yahoo Messenger packet with a long key name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10973",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10973/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.e-matters.de/advisories/022004.html"
},
{
"name": "4060",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4060"
},
{
"name": "trillian-key-name-bo(15304)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15304"
},
{
"name": "20040224 Advisory 02/2004: Trillian remote overflows",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017766.html"
},
{
"name": "1009220",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1009220"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows remote attackers to execute arbitrary code via a Yahoo Messenger packet with a long key name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10973",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10973/"
},
{
"name": "http://security.e-matters.de/advisories/022004.html",
"refsource": "MISC",
"url": "http://security.e-matters.de/advisories/022004.html"
},
{
"name": "4060",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4060"
},
{
"name": "trillian-key-name-bo(15304)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15304"
},
{
"name": "20040224 Advisory 02/2004: Trillian remote overflows",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017766.html"
},
{
"name": "1009220",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009220"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2370",
"datePublished": "2005-08-16T04:00:00",
"dateReserved": "2005-08-16T00:00:00",
"dateUpdated": "2024-08-08T01:22:13.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2155
Vulnerability from cvelistv5
Published
2005-11-16 21:17
Modified
2024-09-16 20:01
Severity ?
EPSS score ?
Summary
Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute arbitrary code via an invite to a channel with format string specifiers in the name.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.iss.net/security_center/static/9761.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/285695 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/5388 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:51:17.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "trillian-irc-format-string(9761)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9761.php"
},
{
"name": "20020801 Two more exploitable holes in the trillian irc module",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/285695"
},
{
"name": "5388",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5388"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute arbitrary code via an invite to a channel with format string specifiers in the name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-16T21:17:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "trillian-irc-format-string(9761)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9761.php"
},
{
"name": "20020801 Two more exploitable holes in the trillian irc module",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/285695"
},
{
"name": "5388",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5388"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute arbitrary code via an invite to a channel with format string specifiers in the name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "trillian-irc-format-string(9761)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9761.php"
},
{
"name": "20020801 Two more exploitable holes in the trillian irc module",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/285695"
},
{
"name": "5388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5388"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2155",
"datePublished": "2005-11-16T21:17:00Z",
"dateReserved": "2005-11-16T00:00:00Z",
"dateUpdated": "2024-09-16T20:01:52.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2304
Vulnerability from cvelistv5
Published
2005-08-16 04:00
Modified
2024-08-08 01:22
Severity ?
EPSS score ?
Summary
Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/9489 | vdb-entry, x_refsource_BID | |
| http://security.e-matters.de/advisories/022004.html | x_refsource_MISC | |
| http://secunia.com/advisories/10973 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15303 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1009220 | vdb-entry, x_refsource_SECTRACK | |
| http://lists.seifried.org/pipermail/security/2004-February/001869.html | mailing-list, x_refsource_FULLDISC | |
| http://www.osvdb.org/4056 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9489",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9489"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.e-matters.de/advisories/022004.html"
},
{
"name": "10973",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10973"
},
{
"name": "trillian-directim-bo(15303)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15303"
},
{
"name": "1009220",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1009220"
},
{
"name": "20040224 Advisory 02/2004: Trillian remote overflows",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.seifried.org/pipermail/security/2004-February/001869.html"
},
{
"name": "4056",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4056"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9489",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9489"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.e-matters.de/advisories/022004.html"
},
{
"name": "10973",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10973"
},
{
"name": "trillian-directim-bo(15303)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15303"
},
{
"name": "1009220",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1009220"
},
{
"name": "20040224 Advisory 02/2004: Trillian remote overflows",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.seifried.org/pipermail/security/2004-February/001869.html"
},
{
"name": "4056",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4056"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9489"
},
{
"name": "http://security.e-matters.de/advisories/022004.html",
"refsource": "MISC",
"url": "http://security.e-matters.de/advisories/022004.html"
},
{
"name": "10973",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10973"
},
{
"name": "trillian-directim-bo(15303)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15303"
},
{
"name": "1009220",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009220"
},
{
"name": "20040224 Advisory 02/2004: Trillian remote overflows",
"refsource": "FULLDISC",
"url": "http://lists.seifried.org/pipermail/security/2004-February/001869.html"
},
{
"name": "4056",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4056"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2304",
"datePublished": "2005-08-16T04:00:00",
"dateReserved": "2005-08-16T00:00:00",
"dateUpdated": "2024-08-08T01:22:13.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2162
Vulnerability from cvelistv5
Published
2005-11-16 21:17
Modified
2024-09-17 01:06
Severity ?
EPSS score ?
Summary
Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/291071 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/10092.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/5677 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:51:17.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020909 Trillian weakly encrypts saved passwords",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/291071"
},
{
"name": "trillian-insecure-password-storage(10092)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10092.php"
},
{
"name": "5677",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5677"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-16T21:17:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020909 Trillian weakly encrypts saved passwords",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/291071"
},
{
"name": "trillian-insecure-password-storage(10092)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10092.php"
},
{
"name": "5677",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5677"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020909 Trillian weakly encrypts saved passwords",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/291071"
},
{
"name": "trillian-insecure-password-storage(10092)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10092.php"
},
{
"name": "5677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5677"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2162",
"datePublished": "2005-11-16T21:17:00Z",
"dateReserved": "2005-11-16T00:00:00Z",
"dateUpdated": "2024-09-17T01:06:14.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5403
Vulnerability from cvelistv5
Published
2008-12-09 11:00
Modified
2024-08-07 10:49
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1021336 | vdb-entry, x_refsource_SECTRACK | |
| http://www.zerodayinitiative.com/advisories/ZDI-08-079 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/32645 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/498936/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.vupen.com/english/advisories/2008/3348 | vdb-entry, x_refsource_VUPEN | |
| http://osvdb.org/50474 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/47100 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/33001 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityreason.com/securityalert/4702 | third-party-advisory, x_refsource_SREASON | |
| http://blog.ceruleanstudios.com/?p=404 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1021336",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021336"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-079"
},
{
"name": "32645",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32645"
},
{
"name": "20081205 ZDI-08-079: Trillian AIM Plugin Malformed XML Tag Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498936/100/0/threaded"
},
{
"name": "ADV-2008-3348",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3348"
},
{
"name": "50474",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50474"
},
{
"name": "trillian-xml-bo(47100)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47100"
},
{
"name": "33001",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33001"
},
{
"name": "4702",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4702"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.ceruleanstudios.com/?p=404"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1021336",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021336"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-079"
},
{
"name": "32645",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32645"
},
{
"name": "20081205 ZDI-08-079: Trillian AIM Plugin Malformed XML Tag Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498936/100/0/threaded"
},
{
"name": "ADV-2008-3348",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3348"
},
{
"name": "50474",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50474"
},
{
"name": "trillian-xml-bo(47100)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47100"
},
{
"name": "33001",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33001"
},
{
"name": "4702",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4702"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.ceruleanstudios.com/?p=404"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1021336",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021336"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-079",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-079"
},
{
"name": "32645",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32645"
},
{
"name": "20081205 ZDI-08-079: Trillian AIM Plugin Malformed XML Tag Heap Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498936/100/0/threaded"
},
{
"name": "ADV-2008-3348",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3348"
},
{
"name": "50474",
"refsource": "OSVDB",
"url": "http://osvdb.org/50474"
},
{
"name": "trillian-xml-bo(47100)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47100"
},
{
"name": "33001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33001"
},
{
"name": "4702",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4702"
},
{
"name": "http://blog.ceruleanstudios.com/?p=404",
"refsource": "MISC",
"url": "http://blog.ceruleanstudios.com/?p=404"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5403",
"datePublished": "2008-12-09T11:00:00",
"dateReserved": "2008-12-08T00:00:00",
"dateUpdated": "2024-08-07T10:49:12.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2008
Vulnerability from cvelistv5
Published
2008-04-29 10:00
Modified
2024-08-07 08:41
Severity ?
EPSS score ?
Summary
Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/29952 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityreason.com/securityalert/3849 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/28925 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2008/1368/references | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/491281/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:41:00.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29952",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29952"
},
{
"name": "3849",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3849"
},
{
"name": "28925",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28925"
},
{
"name": "ADV-2008-1368",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1368/references"
},
{
"name": "20080424 Trillian 3.1 basic nick crash",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/491281/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29952",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29952"
},
{
"name": "3849",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3849"
},
{
"name": "28925",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28925"
},
{
"name": "ADV-2008-1368",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1368/references"
},
{
"name": "20080424 Trillian 3.1 basic nick crash",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/491281/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29952",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29952"
},
{
"name": "3849",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3849"
},
{
"name": "28925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28925"
},
{
"name": "ADV-2008-1368",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1368/references"
},
{
"name": "20080424 Trillian 3.1 basic nick crash",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491281/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2008",
"datePublished": "2008-04-29T10:00:00",
"dateReserved": "2008-04-28T00:00:00",
"dateUpdated": "2024-08-07T08:41:00.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3832
Vulnerability from cvelistv5
Published
2007-07-17 22:00
Modified
2024-08-07 14:28
Severity ?
EPSS score ?
Summary
Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ substring.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35447 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2007/2546 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/26086 | third-party-advisory, x_refsource_SECUNIA | |
| http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0356.html | mailing-list, x_refsource_FULLDISC | |
| http://www.kb.cert.org/vuls/id/786920 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.xs-sniper.com/nmcfeters/Cross-App-Scripting-2.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/24927 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "trillian-aim-bo(35447)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35447"
},
{
"name": "ADV-2007-2546",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2546"
},
{
"name": "26086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26086"
},
{
"name": "20070718 Can CERT VU#786920 be right?",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0356.html"
},
{
"name": "VU#786920",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/786920"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xs-sniper.com/nmcfeters/Cross-App-Scripting-2.html"
},
{
"name": "24927",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24927"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ substring."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "trillian-aim-bo(35447)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35447"
},
{
"name": "ADV-2007-2546",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2546"
},
{
"name": "26086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26086"
},
{
"name": "20070718 Can CERT VU#786920 be right?",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0356.html"
},
{
"name": "VU#786920",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/786920"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xs-sniper.com/nmcfeters/Cross-App-Scripting-2.html"
},
{
"name": "24927",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24927"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ substring."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "trillian-aim-bo(35447)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35447"
},
{
"name": "ADV-2007-2546",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2546"
},
{
"name": "26086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26086"
},
{
"name": "20070718 Can CERT VU#786920 be right?",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0356.html"
},
{
"name": "VU#786920",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/786920"
},
{
"name": "http://www.xs-sniper.com/nmcfeters/Cross-App-Scripting-2.html",
"refsource": "MISC",
"url": "http://www.xs-sniper.com/nmcfeters/Cross-App-Scripting-2.html"
},
{
"name": "24927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24927"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3832",
"datePublished": "2007-07-17T22:00:00",
"dateReserved": "2007-07-17T00:00:00",
"dateUpdated": "2024-08-07T14:28:52.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}