CVE-2002-1486 – Trillian 0.725/0.73/0.74 - IRC User Mode Numeric Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-1486
Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server. Multiples desbordamiento de búfer en el componente IRC de Trillian 0.73 y 0.74 permite a servidores IRC remotos malintencionados causar la Denegación de Servicios y posiblemente la ejecución de código arbitrario mediante: una respuesta larga del servidor. un JOIN con un nombre de canal largo. un mensaje largo raw 221. un PRIVMSG con un alias (nick) largo. una respuesta larga de un servidor IDENT. • https://www.exploit-db.com/exploits/21816 https://www.exploit-db.com/exploits/21813 https://www.exploit-db.com/exploits/21823 https://www.exploit-db.com/exploits/21804 https://www.exploit-db.com/exploits/21810 http://archives.neohapsis.com/archives/bugtraq/2002-09/0258.html http://archives.neohapsis.com/archives/bugtraq/2002-09/0266.html http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0139.html http: •
CVE-2002-2155
https://notcve.org/view.php?id=CVE-2002-2155
Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute arbitrary code via an invite to a channel with format string specifiers in the name. • http://www.iss.net/security_center/static/9761.php http://www.securityfocus.com/archive/1/285695 http://www.securityfocus.com/bid/5388 •
CVE-2002-2173
https://notcve.org/view.php?id=CVE-2002-2173
Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing remote attackers to execute arbitrary code via a long DCC Chat message. • http://www.iss.net/security_center/static/9764.php http://www.securityfocus.com/archive/1/285695 http://www.securityfocus.com/bid/5389 •
CVE-2002-2162 – Trillian Instant Messaging 0.x - Credential Encryption
https://notcve.org/view.php?id=CVE-2002-2162
Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts. • https://www.exploit-db.com/exploits/21781 http://www.iss.net/security_center/static/10092.php http://www.securityfocus.com/archive/1/291071 http://www.securityfocus.com/bid/5677 •
CVE-2002-2366
https://notcve.org/view.php?id=CVE-2002-2366
Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml. • http://archives.neohapsis.com/archives/bugtraq/2002-08/0334.html http://www.iss.net/security_center/static/9999.php http://www.securityfocus.com/bid/5601 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •