CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2363 – AOL AIM Triton Invite denial of service
https://notcve.org/view.php?id=CVE-2024-2363
10 Mar 2024 — A vulnerability was found in AOL AIM Triton 1.0.4. It has been declared as problematic. This vulnerability affects unknown code of the component Invite Handler. The manipulation of the argument CSeq leads to denial of service. The attack can be initiated remotely. • https://fitoxs.com/vuldb/exploit/exploit_aim_triton.txt • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2012-5816
https://notcve.org/view.php?id=CVE-2012-5816
04 Nov 2012 — AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. AOL Instant Messenger (AIM) v1.0.1.2 no comprueba si el nombre del servidor coincide con un nombre de dominio en el nombre común (CN) del sujeto o con el campo subjectAltName del certificado X.509, lo que permite ataques man-in-the... • http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2010-1374
https://notcve.org/view.php?id=CVE-2010-1374
17 Jun 2010 — Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation. Vulnerabilidad de salto de directorio en iChat en Apple Mac OS X v10.5.8 y v10.6 antes de v10.6.4, cuando el objetivo se utiliza, permite a atacantes remotos crear ficheros arbitrarios mediante secuencias de salto de directorio en una operación de transferencia de un archivo de... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 0CVE-2007-4901
https://notcve.org/view.php?id=CVE-2007-4901
14 Sep 2007 — The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected contexts or execute arbitrary code, as demonstrated by writing arbitrary HTML to a notification window, and writing contents of arbitrary local image files to this window via IMG SRC. El control de servidor de Int... • http://aviv.raffon.net/2007/09/25/ReadyAIMFire.aspx •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2005-1891
https://notcve.org/view.php?id=CVE-2005-1891
08 Jun 2005 — The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter variable. • http://marc.info/?l=bugtraq&m=111816939928640&w=2 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.8EPSS: 7%CPEs: 1EXPL: 2CVE-2000-1094 – AOL Instant Messenger 4.0/4.1.2010/4.2.1193 - BuddyIcon Buffer Overflow
https://notcve.org/view.php?id=CVE-2000-1094
09 Jan 2001 — Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument. • https://www.exploit-db.com/exploits/20511 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •