CVSS: 2.6EPSS: 2%CPEs: 3EXPL: 0CVE-2006-2312
https://notcve.org/view.php?id=CVE-2006-2312
Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches. • http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html http://secunia.com/advisories/20154 http://www.kb.cert.org/vuls/id/466428 http://www.osvdb.org/25658 http://www.securityfocus.com/archive/1/434707/30/4860/threaded http://www.securityfocus.com/bid/18038 http://www.skype.com/security/skype-sb-2006-001.html http://www.vupen.com/english/advisories/2006/1871 https://exchange.xforce.ibmcloud.com/vulnerabilities/26557 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.3EPSS: 23%CPEs: 18EXPL: 0CVE-2005-3265
https://notcve.org/view.php?id=CVE-2005-3265
Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine. • http://secunia.com/advisories/17305 http://skype.com/security/skype-sb-2005-02.html http://www.kb.cert.org/vuls/id/668193 http://www.kb.cert.org/vuls/id/930345 http://www.pentest.co.uk/documents/ptl-2005-01.html http://www.securityfocus.com/bid/15190 http://www.vupen.com/english/advisories/2005/2197 https://exchange.xforce.ibmcloud.com/vulnerabilities/22848 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 4%CPEs: 18EXPL: 1CVE-2005-3267
https://notcve.org/view.php?id=CVE-2005-3267
Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow. • http://marc.info/?l=bugtraq&m=113026202728568&w=2 http://secunia.com/advisories/17305 http://securityreason.com/securityalert/115 http://skype.com/security/skype-sb-2005-03.html http://www.kb.cert.org/vuls/id/905177 http://www.osvdb.org/20306 http://www.securityfocus.com/bid/15192 http://www.vupen.com/english/advisories/2005/2197 https://exchange.xforce.ibmcloud.com/vulnerabilities/22850 • CWE-189: Numeric Errors •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 1CVE-2005-2300
https://notcve.org/view.php?id=CVE-2005-2300
Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file. Skype 1.1.0.20 y anteriores permite que usuarios locales sobreescriban ficheros arbitrarios mediante un ataque de enlaces simbólicos en el fichero temporal "skype_profile.jpg". • http://marc.info/?l=bugtraq&m=112156036013818&w=2 http://secunia.com/advisories/16105 http://www.zone-h.org/advisories/read/id=7808 •
CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0CVE-2005-1407
https://notcve.org/view.php?id=CVE-2005-1407
Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application. • http://www.skype.com/security/ssa-2005-01.html •