CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2025-5321 – aimhubio aim run_view Object query.py RestrictedPythonQuery privilege escalation
https://notcve.org/view.php?id=CVE-2025-5321
29 May 2025 — A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument Query leads to sandbox issue. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://gist.github.com/superboy-zjc/1fc4747a0ac77a1edc8c32e1d4edc54c • CWE-264: Permissions, Privileges, and Access Controls CWE-265: Privilege Issues •
CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2010-1374
https://notcve.org/view.php?id=CVE-2010-1374
17 Jun 2010 — Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation. Vulnerabilidad de salto de directorio en iChat en Apple Mac OS X v10.5.8 y v10.6 antes de v10.6.4, cuando el objetivo se utiliza, permite a atacantes remotos crear ficheros arbitrarios mediante secuencias de salto de directorio en una operación de transferencia de un archivo de... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2005-1891
https://notcve.org/view.php?id=CVE-2005-1891
08 Jun 2005 — The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter variable. • http://marc.info/?l=bugtraq&m=111816939928640&w=2 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.8EPSS: 7%CPEs: 1EXPL: 2CVE-2000-1094 – AOL Instant Messenger 4.0/4.1.2010/4.2.1193 - BuddyIcon Buffer Overflow
https://notcve.org/view.php?id=CVE-2000-1094
09 Jan 2001 — Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument. • https://www.exploit-db.com/exploits/20511 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •