CVE-2004-0007
https://notcve.org/view.php?id=CVE-2004-0007
Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code. Desbordamiento de búfer en la Función Extract Info Field en los manejadores de protocolos de MSN e YMSG en Gaim 0.74 y anteriores, y Ultramagnetic anteriores a 0.81 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario. • http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813 http://marc.info/?l=bugtraq&m=107513690306318&w=2 http://marc.info/?l=bugtraq&m=107522432613022&w=2 http://security.e-matters.de/advisories/012004.html http://security.gentoo.org/glsa/glsa-200401-04.xml http://ultramagnetic.sourceforge.net/advisories/001.html http://www.debian.org/security/2004/dsa-434 http://www.kb.cert.org/vuls/id •
CVE-2004-0008
https://notcve.org/view.php?id=CVE-2004-0008
Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow. Desbordamiento de enteros en Gaim 0.74 y anteriores, y Ultramagnetic anteriores a 0.81 permite a atacantes remotos causar una denegación de servicio. • ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813 http://marc.info/?l=bugtraq&m=107513690306318&w=2 http://marc.info/?l=bugtraq&m=107522338611564&w=2 http://marc.info/?l=bugtraq&m=107522432613022&w=2 http://security.e-matters.de/advisories/01 •
CVE-2002-0384
https://notcve.org/view.php?id=CVE-2002-0384
Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arbitrary code. Desbordamiento de búfer en el plug-in Jabber en el cliente Gaim anteriores a 0.589 permite a atacantes ejecutar código arbitrario. • http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:054 http://online.securityfocus.com/advisories/4358 http://www.iss.net/security_center/static/9766.php http://www.osvdb.org/3729 http://www.redhat.com/support/errata/RHSA-2002-098.html http://www.redhat.com/support/errata/RHSA-2002-107.html http://www.redhat.com/support/errata/RHSA-2002-122.html http://www.redhat.com/support/errata/RHSA-2003-156.html http://www.securityfocus.com/bid/5406 https://access •
CVE-2002-0989
https://notcve.org/view.php?id=CVE-2002-0989
The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:06.asc http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=72728 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000521 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:054 http://gaim.sourceforge.net/ChangeLog http://marc.info/?l=bugtraq&m=103046442403404&w=2 http://online.securityfocus.com/advisories/4471 http://www.debian.org/security/2002/dsa-158 http://www.iss.net/security_center •
CVE-2002-0377
https://notcve.org/view.php?id=CVE-2002-0377
Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files. • http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0584.html http://gaim.sourceforge.net/ChangeLog http://marc.info/?l=bugtraq&m=102130733815285&w=2 http://www.iss.net/security_center/static/9061.php http://www.securityfocus.com/bid/4730 •