CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2001-1420
https://notcve.org/view.php?id=CVE-2001-1420
20 Mar 2005 — AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a long filename, possibly caused by a buffer overflow. • http://www.kb.cert.org/vuls/id/972499 •
CVSS: 9.8EPSS: 3%CPEs: 15EXPL: 2CVE-2004-2373 – AOL Instant Messenger 4.x/5.x - Buddy Icon Predictable File Location
https://notcve.org/view.php?id=CVE-2004-2373
31 Dec 2004 — The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations. • https://www.exploit-db.com/exploits/23730 •
CVSS: 10.0EPSS: 78%CPEs: 3EXPL: 3CVE-2004-0636 – AOL Instant Messenger AIM - 'Away' Message Local Overflow
https://notcve.org/view.php?id=CVE-2004-0636
12 Aug 2004 — Buffer overflow in the goaway function in the aim:goaway URI handler for AOL Instant Messenger (AIM) 5.5, including 5.5.3595, allows remote attackers to execute arbitrary code via a long Away message. Desbordamiento de búfer en la función goaway en el manejador de URI aim:goaway en AOL Instant Messenger (AIM) 5.5, incluyendo 5.5.3595, permite a atacantes remotos ejecutar código de su elección mediante un mensaje "Away" largo. • https://www.exploit-db.com/exploits/395 •
CVSS: 10.0EPSS: 6%CPEs: 1EXPL: 0CVE-2003-1503
https://notcve.org/view.php?id=CVE-2003-1503
31 Dec 2003 — Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name. • http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0059.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 4EXPL: 3CVE-2002-1813 – AOL Instant Messenger 4.8.2790 - Local File Execution
https://notcve.org/view.php?id=CVE-2002-1813
31 Dec 2002 — Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8.2790 allows remote attackers to execute arbitrary programs by specifying the program in the href attribute of a link. • https://www.exploit-db.com/exploits/21958 •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 1CVE-2002-1953
https://notcve.org/view.php?id=CVE-2002-1953
31 Dec 2002 — Heap-based buffer overflow in the goim handler of AOL Instant Messenger (AIM) 4.4 through 4.8.2616 allows remote attackers to cause a denial of service (crash) via escaping of the screen name parameter, which triggers the overflow when the user selects "Get Info" on the buddy. • http://online.securityfocus.com/archive/1/288980 •
CVSS: 6.1EPSS: 3%CPEs: 3EXPL: 3CVE-2002-2169 – AOL Instant Messenger 4.x - Unauthorized Actions
https://notcve.org/view.php?id=CVE-2002-2169
31 Dec 2002 — Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and 4.7 for MacOS and Windows allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a user's buddy list, via a URL with a META HTTP-EQUIV="refresh" tag to an aim: URL. • https://www.exploit-db.com/exploits/21619 •
CVSS: 7.5EPSS: 2%CPEs: 14EXPL: 1CVE-2002-0785
https://notcve.org/view.php?id=CVE-2002-0785
12 Aug 2002 — AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow. • http://archives.neohapsis.com/archives/bugtraq/2002-05/0086.html •
CVSS: 9.8EPSS: 2%CPEs: 9EXPL: 0CVE-2002-0586
https://notcve.org/view.php?id=CVE-2002-0586
11 Jun 2002 — Format string vulnerability in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to execute arbitrary code via the Error or Notice parameters. • http://archives.neohapsis.com/archives/bugtraq/2002-04/0195.html •
CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 0CVE-2002-0587
https://notcve.org/view.php?id=CVE-2002-0587
11 Jun 2002 — Buffer overflow in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to cause a denial of service or execute arbitrary code via the Error or Notice parameters. • http://archives.neohapsis.com/archives/bugtraq/2002-04/0195.html •