CVSS: 7.5EPSS: 12%CPEs: 10EXPL: 1CVE-2010-0013 – Pidgin MSN 2.6.4 - File Download
https://notcve.org/view.php?id=CVE-2010-0013
09 Jan 2010 — Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon. Vulne... • https://www.exploit-db.com/exploits/11203 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 8%CPEs: 30EXPL: 0CVE-2010-0277 – pidgin MSN protocol plugin memory corruption
https://notcve.org/view.php?id=CVE-2010-0277
09 Jan 2010 — slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013. El archivo slp.c en el plugin del protocolo MSN en la biblioteca libpurple en Pidgin anterior a versión 2.6.6, incluyendo la versión 2.6.4, y Adium versión 1.3.8, permite a los ... • http://blogs.sun.com/security/entry/cve_2010_0277_malformed_msn • CWE-399: Resource Management Errors •