32 results (0.010 seconds)

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0

Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate. Cerulean Studios Trillian v3.1 Basic no comprueba los certificados SSL durante la autenticación de MSN, lo cual permite a atacantes remotos obtener credenciales de MSN a través de un ataque "man-in-the-middle con un certificado SSL falso. • http://secunia.com/advisories/35620 http://www.securityfocus.com/archive/1/504573/100/0/threaded http://www.securityfocus.com/bid/35509 https://exchange.xforce.ibmcloud.com/vulnerabilities/51400 • CWE-295: Improper Certificate Validation •

CVSS: 9.3EPSS: 14%CPEs: 3EXPL: 2

Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DTD file. Desbordamiento de búfer en el analizador XML en Trillian v3.1.9.0, y posiblemente versiones anteriores, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de un fichero DTD manipulado. • https://www.exploit-db.com/exploits/31639 http://osvdb.org/51130 http://www.securityfocus.com/archive/1/490772/100/0/threaded http://www.securityfocus.com/bid/28747 https://exchange.xforce.ibmcloud.com/vulnerabilities/41782 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 70%CPEs: 55EXPL: 0

Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag. Desbordamiento de búfer basado en montículo en el analizador XML en el plugin AIM en Trillian versiones anteriores a 3.1.12.0, que permite a los atacantes remotos ejecutar arbitrariamente código a través de etiquetas XML mal formadas. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XML processing code for Trillian. When parsing a malformed XML tag, the application does not allocate enough space for it's contents. • http://blog.ceruleanstudios.com/?p=404 http://osvdb.org/50474 http://secunia.com/advisories/33001 http://securityreason.com/securityalert/4702 http://www.securityfocus.com/archive/1/498936/100/0/threaded http://www.securityfocus.com/bid/32645 http://www.securitytracker.com/id?1021336 http://www.vupen.com/english/advisories/2008/3348 http://www.zerodayinitiative.com/advisories/ZDI-08-079 https://exchange.xforce.ibmcloud.com/vulnerabilities/47100 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 71%CPEs: 55EXPL: 0

Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing." Desbordamiento de búfer basado en pila en la implementación del tooltip en Trillian anterior a 3.1.12.0, permite a atacantes remotos ejecutar código de su elección a través de un archivo de imagen con un nombre largo. Relacionado con "AIM IMG Tag Parsing." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tooltip processing code for Trillian. • http://blog.ceruleanstudios.com/?p=404 http://osvdb.org/50472 http://secunia.com/advisories/33001 http://securityreason.com/securityalert/4700 http://www.securityfocus.com/archive/1/498932/100/0/threaded http://www.securityfocus.com/bid/32645 http://www.securitytracker.com/id?1021335 http://www.vupen.com/english/advisories/2008/3348 http://www.zerodayinitiative.com/advisories/ZDI-08-077 https://exchange.xforce.ibmcloud.com/vulnerabilities/47093 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 25%CPEs: 55EXPL: 0

Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID." Vulnerabilidad de doble liberación en el validador en Trillian anterior a v3.1.12.0, permite a atacantes remotos ejecutar código de su elección a través de una expresión XML manipulada. Relacionado con el "IMG SRC ID". This vulnerability allows remote attackers to potentially execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XML processing code for Trillian. • http://blog.ceruleanstudios.com/?p=404 http://osvdb.org/50473 http://secunia.com/advisories/33001 http://securityreason.com/securityalert/4701 http://www.securityfocus.com/archive/1/498933/100/0/threaded http://www.securityfocus.com/bid/32645 http://www.securitytracker.com/id?1021334 http://www.vupen.com/english/advisories/2008/3348 http://www.zerodayinitiative.com/advisories/ZDI-08-078 https://exchange.xforce.ibmcloud.com/vulnerabilities/47098 • CWE-399: Resource Management Errors •