4 results (0.012 seconds)

CVSS: 5.3EPSS: 0%CPEs: 25EXPL: 1

A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://rumbling-slice-eb0.notion.site/Stored-XSS-through-TEXT-EXPLORER-in-aimhubio-aim-d0f07b7194724950a673498546d80d43?pvs=4 https://vuldb.com/?ctiid.277500 https://vuldb.com/?id.277500 https://vuldb.com/?submit.403203 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 0

Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation. Vulnerabilidad de salto de directorio en iChat en Apple Mac OS X v10.5.8 y v10.6 antes de v10.6.4, cuando el objetivo se utiliza, permite a atacantes remotos crear ficheros arbitrarios mediante secuencias de salto de directorio en una operación de transferencia de un archivo de imagen. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://secunia.com/advisories/40220 http://securitytracker.com/id?1024103 http://support.apple.com/kb/HT4188 http://www.securityfocus.com/bid/40871 http://www.vupen.com/english/advisories/2010/1481 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter variable. • http://marc.info/?l=bugtraq&m=111816939928640&w=2 http://marc.info/?l=bugtraq&m=111817881214343&w=2 http://securitytracker.com/id?1014145 http://www.securityfocus.com/bid/13880 • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2

Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument. • https://www.exploit-db.com/exploits/20511 http://marc.info/?l=bugtraq&m=97668265628917&w=2 http://marc.info/?l=bugtraq&m=97683774417132&w=2 http://www.atstake.com/research/advisories/2000/a121200-1.txt http://www.osvdb.org/1692 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •