CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2363 – AOL AIM Triton Invite denial of service
https://notcve.org/view.php?id=CVE-2024-2363
10 Mar 2024 — A vulnerability was found in AOL AIM Triton 1.0.4. It has been declared as problematic. This vulnerability affects unknown code of the component Invite Handler. The manipulation of the argument CSeq leads to denial of service. The attack can be initiated remotely. • https://fitoxs.com/vuldb/exploit/exploit_aim_triton.txt • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-5570
https://notcve.org/view.php?id=CVE-2014-5570
09 Sep 2014 — The DailyFinance - Stocks & News (aka com.aol.mobile.dailyFinance) application 2.0.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación DailyFinance - Stocks & News (también conocido como com.aol.mobile.dailyFinance) 2.0.2.1 para Android no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y... • http://www.kb.cert.org/vuls/id/582497 • CWE-310: Cryptographic Issues •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2012-5816
https://notcve.org/view.php?id=CVE-2012-5816
04 Nov 2012 — AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. AOL Instant Messenger (AIM) v1.0.1.2 no comprueba si el nombre del servidor coincide con un nombre de dominio en el nombre común (CN) del sujeto o con el campo subjectAltName del certificado X.509, lo que permite ataques man-in-the... • http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 32EXPL: 0CVE-2010-1374
https://notcve.org/view.php?id=CVE-2010-1374
17 Jun 2010 — Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation. Vulnerabilidad de salto de directorio en iChat en Apple Mac OS X v10.5.8 y v10.6 antes de v10.6.4, cuando el objetivo se utiliza, permite a atacantes remotos crear ficheros arbitrarios mediante secuencias de salto de directorio en una operación de transferencia de un archivo de... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2009-4494 – AOLServer Terminal 4.5.1 - Escape Sequence in Logs Command Injection
https://notcve.org/view.php?id=CVE-2009-4494
13 Jan 2010 — AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. AOLserver v4.5.1 escribe datos en un archivo de los sin depurar los caracteres no escribibles, lo que podría permitir a atacantes remotos modificar la ventana de título, o posiblemente ejecutar comandos de su elección o sobrescr... • https://www.exploit-db.com/exploits/33497 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 38%CPEs: 1EXPL: 3CVE-2009-3658 – AOL 9.1 SuperBuddy - ActiveX Control Remote code Execution
https://notcve.org/view.php?id=CVE-2009-3658
09 Oct 2009 — Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method. El control ActiveX Sb.SuperBuddy.1 (sb.dll) en America Online (AOL) v9.5.0.1 no gestiona adecuadamente la memoria, lo que permite a atacanates remotos generar una corrupción de memoria o posiblemente ejcutar codigo arbitrario a través de un argumento del método... • https://www.exploit-db.com/exploits/9992 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 38%CPEs: 7EXPL: 0CVE-2009-2404 – nss regexp heap overflow
https://notcve.org/view.php?id=CVE-2009-2404
03 Aug 2009 — Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function. Desbordamiento de búfer basado en memoria dinámica en el an... • http://rhn.redhat.com/errata/RHSA-2009-1185.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 3CVE-2007-6699 – AOL Picture Editor 'YGPPicEdit.dll' ActiveX Control 9.5.1.8 - Multiple Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6699
04 Feb 2008 — Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser crash) via a long string in the (1) DisplayName, (2) FinalSavePath, (3) ForceSaveTo, (4) HiddenControls, (5) InitialEditorScreen, (6) Locale, (7) Proxy, and (8) UserAgent property values. Múltiples desbordamientos de búfer en el control ActiveX AIM PicEditor 9.5.1.8 de YGPPicEdit.dll en AOL You've Got Pictures (Y... • https://www.exploit-db.com/exploits/30936 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 49%CPEs: 2EXPL: 0CVE-2007-6250
https://notcve.org/view.php?id=CVE-2007-6250
09 Jan 2008 — Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPlaybackControl.exe), as used by AmpX ActiveX control (AmpX.dll), might allow remote attackers to execute arbitrary code via the AppendFileToPlayList method. Desbordamiento de búfer basado en pila en AOL AOLMediaPlaybackControl (AOLMediaPlaybackControl.exe), como el utilizado en el control ActiveX AmpX (AmpX.dll), podría permitir a atacantes remotos ejecutar código de su elección a través del método AppendFileToPlayList. • http://secunia.com/advisories/28399 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 15%CPEs: 1EXPL: 0CVE-2007-5755
https://notcve.org/view.php?id=CVE-2007-5755
14 Nov 2007 — Multiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods. Múltiples desbordamientos de búfer basado en pila en el control ActiveX AOL AmpX en mpX.dll 2.6.1.11 en AOL Radio permite a atacantes remotos ejecutar código de su elección a través de argumentos largos en métodos no especificados. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=623 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •