Page 3 of 18 results (0.001 seconds)

CVSS: 2.6EPSS: 2%CPEs: 3EXPL: 0

Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches. • http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html http://secunia.com/advisories/20154 http://www.kb.cert.org/vuls/id/466428 http://www.osvdb.org/25658 http://www.securityfocus.com/archive/1/434707/30/4860/threaded http://www.securityfocus.com/bid/18038 http://www.skype.com/security/skype-sb-2006-001.html http://www.vupen.com/english/advisories/2006/1871 https://exchange.xforce.ibmcloud.com/vulnerabilities/26557 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 9.3EPSS: 23%CPEs: 18EXPL: 0

Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine. • http://secunia.com/advisories/17305 http://skype.com/security/skype-sb-2005-02.html http://www.kb.cert.org/vuls/id/668193 http://www.kb.cert.org/vuls/id/930345 http://www.pentest.co.uk/documents/ptl-2005-01.html http://www.securityfocus.com/bid/15190 http://www.vupen.com/english/advisories/2005/2197 https://exchange.xforce.ibmcloud.com/vulnerabilities/22848 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 4%CPEs: 18EXPL: 1

Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow. • http://marc.info/?l=bugtraq&m=113026202728568&w=2 http://secunia.com/advisories/17305 http://securityreason.com/securityalert/115 http://skype.com/security/skype-sb-2005-03.html http://www.kb.cert.org/vuls/id/905177 http://www.osvdb.org/20306 http://www.securityfocus.com/bid/15192 http://www.vupen.com/english/advisories/2005/2197 https://exchange.xforce.ibmcloud.com/vulnerabilities/22850 • CWE-189: Numeric Errors •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 1

Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file. Skype 1.1.0.20 y anteriores permite que usuarios locales sobreescriban ficheros arbitrarios mediante un ataque de enlaces simbólicos en el fichero temporal "skype_profile.jpg". • http://marc.info/?l=bugtraq&m=112156036013818&w=2 http://secunia.com/advisories/16105 http://www.zone-h.org/advisories/read/id=7808 •

CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0

Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application. • http://www.skype.com/security/ssa-2005-01.html •