CVE-2004-0006
https://notcve.org/view.php?id=CVE-2004-0006
Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect. Múltiples desbordamientos de búfer en Gaim 0.75 y anteriores, y Ultramagnetic anteriores a de 0.81, permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario. • ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813 http://marc.info/?l=bugtraq&m=107513690306318&w=2 http://marc.info/?l=bugtraq&m=107522432613022&w=2 http://security.e-matters.de/advisories/012004.html http://security.gentoo.org/glsa/glsa-200401- •
CVE-2004-0008
https://notcve.org/view.php?id=CVE-2004-0008
Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow. Desbordamiento de enteros en Gaim 0.74 y anteriores, y Ultramagnetic anteriores a 0.81 permite a atacantes remotos causar una denegación de servicio. • ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813 http://marc.info/?l=bugtraq&m=107513690306318&w=2 http://marc.info/?l=bugtraq&m=107522338611564&w=2 http://marc.info/?l=bugtraq&m=107522432613022&w=2 http://security.e-matters.de/advisories/01 •
CVE-2002-0384
https://notcve.org/view.php?id=CVE-2002-0384
Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arbitrary code. Desbordamiento de búfer en el plug-in Jabber en el cliente Gaim anteriores a 0.589 permite a atacantes ejecutar código arbitrario. • http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:054 http://online.securityfocus.com/advisories/4358 http://www.iss.net/security_center/static/9766.php http://www.osvdb.org/3729 http://www.redhat.com/support/errata/RHSA-2002-098.html http://www.redhat.com/support/errata/RHSA-2002-107.html http://www.redhat.com/support/errata/RHSA-2002-122.html http://www.redhat.com/support/errata/RHSA-2003-156.html http://www.securityfocus.com/bid/5406 https://access •
CVE-2002-0989
https://notcve.org/view.php?id=CVE-2002-0989
The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:06.asc http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=72728 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000521 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:054 http://gaim.sourceforge.net/ChangeLog http://marc.info/?l=bugtraq&m=103046442403404&w=2 http://online.securityfocus.com/advisories/4471 http://www.debian.org/security/2002/dsa-158 http://www.iss.net/security_center •
CVE-2002-0377
https://notcve.org/view.php?id=CVE-2002-0377
Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files. • http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0584.html http://gaim.sourceforge.net/ChangeLog http://marc.info/?l=bugtraq&m=102130733815285&w=2 http://www.iss.net/security_center/static/9061.php http://www.securityfocus.com/bid/4730 •