CVSS: 5.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2009-4831.

• http://secunia.com/advisories/51190
• http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
• http://www.securityfocus.com/bid/56454
• https://exchange.xforce.ibmcloud.com/vulnerabilities/79915
• CWE-295: Improper Certificate Validation

CVSS: 5.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate.

• http://secunia.com/advisories/35620
• http://www.securityfocus.com/archive/1/504573/100/0/threaded
• http://www.securityfocus.com/bid/35509
• https://exchange.xforce.ibmcloud.com/vulnerabilities/51400
• CWE-295: Improper Certificate Validation

CVSS: 10.0 • EPSS: 70% • CPEs: 55 • EXPL: 0

Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XML processing code for Trillian. When parsing a malformed XML tag, the application does not allocate enough space for its contents.

• http://blog.ceruleanstudios.com/?p=404
• http://osvdb.org/50474
• http://secunia.com/advisories/33001
• http://securityreason.com/securityalert/4702
• http://www.securityfocus.com/archive/1/498936/100/0/threaded
• http://www.securityfocus.com/bid/32645
• http://www.securitytracker.com/id?1021336
• http://www.vupen.com/english/advisories/2008/3348
• http://www.zerodayinitiative.com/advisories/ZDI-08-079
• https://exchange.xforce.ibmcloud.com/vulnerabilities/47100
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 • EPSS: 71% • CPEs: 55 • EXPL: 0

Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing."

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tooltip processing code for Trillian.

• http://blog.ceruleanstudios.com/?p=404
• http://osvdb.org/50472
• http://secunia.com/advisories/33001
• http://securityreason.com/securityalert/4700
• http://www.securityfocus.com/archive/1/498932/100/0/threaded
• http://www.securityfocus.com/bid/32645
• http://www.securitytracker.com/id?1021335
• http://www.vupen.com/english/advisories/2008/3348
• http://www.zerodayinitiative.com/advisories/ZDI-08-077
• https://exchange.xforce.ibmcloud.com/vulnerabilities/47093
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 • EPSS: 25% • CPEs: 55 • EXPL: 0

Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."

This vulnerability allows remote attackers to potentially execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XML processing code for Trillian.

• http://blog.ceruleanstudios.com/?p=404
• http://osvdb.org/50473
• http://secunia.com/advisories/33001
• http://securityreason.com/securityalert/4701
• http://www.securityfocus.com/archive/1/498933/100/0/threaded
• http://www.securityfocus.com/bid/32645
• http://www.securitytracker.com/id?1021334
• http://www.vupen.com/english/advisories/2008/3348
• http://www.zerodayinitiative.com/advisories/ZDI-08-078
• https://exchange.xforce.ibmcloud.com/vulnerabilities/47098
• CWE-399: Resource Management Errors