4 results (0.003 seconds)

CVSS: 7.5EPSS: 8%CPEs: 7EXPL: 1

Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings. Un desbordamiento de búfer en la región stack de la memoria en el soporte LiveJournal (hooks/ljhook.cc) en CenterICQ versión 4.9.11 hasta versión 4.21.0, cuando se utilizan servidores LiveJournal no oficiales, permite a los atacantes remotos causar una denegación de servicio (bloqueo) y posiblemente ejecutar código arbitrario mediante la adición de la víctima como amigo y el uso de (1) nombre de usuario largos y (2) cadenas de nombre real largas. • http://osvdb.org/33408 http://securityreason.com/securityalert/2129 http://securitytracker.com/id?1017545 http://www.gentoo.org/security/en/glsa/glsa-200701-20.xml http://www.securityfocus.com/archive/1/456255/100/0/threaded http://www.securityfocus.com/bid/21932 http://www.vupen.com/english/advisories/2007/0306 https://exchange.xforce.ibmcloud.com/vulnerabilities/31330 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 23%CPEs: 1EXPL: 1

centericq 4.20.0-r3 with "Enable peer-to-peer communications" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus. • https://www.exploit-db.com/exploits/26666 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334089 http://secunia.com/advisories/17798 http://secunia.com/advisories/17818 http://secunia.com/advisories/18081 http://security.gentoo.org/glsa/glsa-200512-11.xml http://www.debian.org/security/2005/dsa-912 http://www.osvdb.org/21270 http://www.securityfocus.com/bid/15649 https://bugs.gentoo.org/show_bug.cgi?id=100519 https://exchange.xforce.ibmcloud.com/vulnerabilities/23 •

CVSS: 7.5EPSS: 5%CPEs: 20EXPL: 0

Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message. Múltiples desbordamientos de búfer en libgadu, usado en Kopete en KDE 3.2.3 hasta la 3.4.1, ekg anteriores a 1.6rc3, GNU Gadu, CenterICQ, Kadu, y otros paquetes, permite que atacantes remotos causen una denegación de servicio (caída) y posiblemente ejecuten código arbitrario mediante un mensaje de entrada. • http://lwn.net/Articles/144724 http://marc.info/?l=bugtraq&m=112198499417250&w=2 http://secunia.com/advisories/16140 http://secunia.com/advisories/16155 http://secunia.com/advisories/16211 http://secunia.com/advisories/16242 http://security.gentoo.org/glsa/glsa-200507-23.xml http://www.gentoo.org/security/en/glsa/glsa-200507-26.xml http://www.kde.org/info/security/advisory-20050721-1.txt http://www.novell.com/linux/security/advisories/2005_19_sr.html http:/&# • CWE-189: Numeric Errors •

CVSS: 2.1EPSS: 0%CPEs: 69EXPL: 0

CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file. CenterICQ 4.20.0 y anteriores crea ficheros temporales con nombres de ficheros predecibles, lo que permite que usuarios locales sobreescriban ficheros arbitrarios mediante un ataque de enlaces simbólicos en el fichero temporal "gg.token.PID". • http://www.debian.org/security/2005/dsa-754 http://www.securityfocus.com/bid/14144 http://www.zataz.net/adviso/centericq-06152005.txt •