CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2009-4831
https://notcve.org/view.php?id=CVE-2009-4831
29 Apr 2010 — Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate. Cerulean Studios Trillian v3.1 Basic no comprueba los certificados SSL durante la autenticación de MSN, lo cual permite a atacantes remotos obtener credenciales de MSN a través de un ataque "man-in-the-middle con un certificado SSL falso. • http://secunia.com/advisories/35620 • CWE-295: Improper Certificate Validation •
CVSS: 10.0EPSS: 26%CPEs: 55EXPL: 0CVE-2008-5401 – Trillian AIM IMG Tag Parsing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-5401
04 Dec 2008 — Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing." Desbordamiento de búfer basado en pila en la implementación del tooltip en Trillian anterior a 3.1.12.0, permite a atacantes remotos ejecutar código de su elección a través de un archivo de imagen con un nombre largo. Relacionado con "AIM IMG Tag Parsing." This vulnerability allows remote attackers to execut... • http://blog.ceruleanstudios.com/?p=404 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 18%CPEs: 55EXPL: 0CVE-2008-5402 – Trillian IMG SRC ID Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-5402
04 Dec 2008 — Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID." Vulnerabilidad de doble liberación en el validador en Trillian anterior a v3.1.12.0, permite a atacantes remotos ejecutar código de su elección a través de una expresión XML manipulada. Relacionado con el "IMG SRC ID". This vulnerability allows remote attackers to potentially execute arbitrary code on vulnerable installations of ... • http://blog.ceruleanstudios.com/?p=404 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 25%CPEs: 55EXPL: 0CVE-2008-5403 – Trillian AIM Plugin Malformed XML Tag Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-5403
04 Dec 2008 — Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag. Desbordamiento de búfer basado en montículo en el analizador XML en el plugin AIM en Trillian versiones anteriores a 3.1.12.0, que permite a los atacantes remotos ejecutar arbitrariamente código a través de etiquetas XML mal formadas. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean St... • http://blog.ceruleanstudios.com/?p=404 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 8%CPEs: 1EXPL: 0CVE-2008-2407 – Trillian AIM.DLL Long HTML Font Parameter Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-2407
21 May 2008 — Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian before 3.1.10.0 allows user-assisted remote attackers to execute arbitrary code via a long attribute value in a FONT tag in a message. Desbordamiento de Búfer basado en pila en AIM.DLL en Cerulean Studios Trillian anterior a 3.1.10.0, permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario a través de un valor largo en el atributo, en una etiqueta FONT de un mensaje. This vulnerability allows remote attackers to exec... • http://secunia.com/advisories/30336 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 17%CPEs: 15EXPL: 0CVE-2008-2409 – Trillian MSN MIME Header Stack-Based Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-2409
21 May 2008 — Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message. Desbordamiento de búfer basado en pila en Cerulean Studios Trillian Pro anteriores a 3.1.10.0, permite a atacantes remotos ejecutar código arbitrario a través de atributos no especificados en la cabecera X-MMS-IM-FORMAT en un mensaje MSN. This vulnerability allows remote attackers to execute arbitrary code on vu... • http://archives.neohapsis.com/archives/bugtraq/2008-05/0285.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 30%CPEs: 1EXPL: 0CVE-2007-3305
https://notcve.org/view.php?id=CVE-2007-3305
21 Jun 2007 — Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478. Desbordamiento de búfer basado en pila en Cerulean Studios Trillian 3.x anterior a 3.1.6.0 permite a atacantes remotos ejecutar códi... • http://blog.ceruleanstudios.com/?p=150 •
CVSS: 7.1EPSS: 1%CPEs: 2EXPL: 0CVE-2007-2479
https://notcve.org/view.php?id=CVE-2007-2479
03 May 2007 — Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker. Cerulean Studios Trillian Pro anterior a 3.1.5.1 permite a atacantes remotos obtener informacion potencialmente sensible a través de mensajes CTCP PING largo que contienen caracteres UTF-8, lo c... • http://blog.ceruleanstudios.com/?p=131 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0543
https://notcve.org/view.php?id=CVE-2006-0543
04 Feb 2006 — Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) \'d1, (2) \'d2, (3) \'d3, (4) \'d4, and (5) \'d5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://www.osvdb.org/22877 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3141
https://notcve.org/view.php?id=CVE-2005-3141
05 Oct 2005 — Cerulean Studios Trillian 3.0 allows remote attackers to cause a denial of service (crash) via a reverse direct connection from a different client, as demonstrated using LICQ. • http://ceruleanstudios.com/forums/showthread.php?s=84987af3601384b1dc7ea1f36b237c9c&threadid=64889 •