CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 0CVE-2007-1904
https://notcve.org/view.php?id=CVE-2007-1904
Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation. Vulnerabilidad de salto de directorio en AOL Instant Messenger (AIM) 5.9 y anteriores, e ICQ 5.1 y probablemente anteriores permite a atacantes remotos con la complicidad del usuario mediante secuencias .. (punto punto) en un nombre de fichero en una operación de transferencia de fichero. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=508 http://secunia.com/advisories/24747 http://secunia.com/advisories/24803 http://www.securityfocus.com/bid/23391 http://www.securitytracker.com/id?1017890 http://www.securitytracker.com/id?1017891 http://www.vupen.com/english/advisories/2007/1306 http://www.vupen.com/english/advisories/2007/1307 https://exchange.xforce.ibmcloud.com/vulnerabilities/33538 •
CVSS: 7.5EPSS: 96%CPEs: 1EXPL: 2CVE-2006-5650 – America Online ICQ ActiveX Control Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2006-5650
The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar. El control ActiveX ICQPhone.SipxPhoneManager en America Online ICQ 5.1 permite a atacantes remotos bajar y ejecutar código de su elección mediante la función DownloadAgent, como ha sido demostrado usando un avatar ICQ. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of AOL ICQ. User interaction is not required to exploit this vulnerability. The specific flaw exists in the DownloadAgent function of the ICQPhone.SipxPhoneManager ActiveX control with the following CLSID: 54BDE6EC-F42F-4500-AC46-905177444300 The vulnerable function takes a single URI argument of a file to download and execute under the context of the running user. A malicious ICQ avatar can be used as an exploitation vector, allowing attackers to exploit this vulnerability by simply messaging a target ICQ user. • https://www.exploit-db.com/exploits/28916 https://www.exploit-db.com/exploits/16554 http://secunia.com/advisories/22670 http://securityreason.com/securityalert/1830 http://securitytracker.com/id?1017163 http://www.securityfocus.com/archive/1/450726/100/0/threaded http://www.securityfocus.com/bid/20930 http://www.vupen.com/english/advisories/2006/4362 http://www.zerodayinitiative.com/advisories/ZDI-06-037.html https://exchange.xforce.ibmcloud.com/vulnerabilities/30059 •
CVSS: 7.5EPSS: 35%CPEs: 19EXPL: 0CVE-2006-4662
https://notcve.org/view.php?id=CVE-2006-4662
Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type. Desbordamiento de búfer basado en montón en la función MCRegEx__Search en AOL ICQ Pro 2003b Build 3916 y anteriores permiten a un atacanet remoto ejecutar código de su elección a través de un campo grnde inconsistente de un mensaje en un tipo 0x2711 Type-Length-Value (TLV). • http://secunia.com/advisories/21834 http://securityreason.com/securityalert/1530 http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1509 http://www.kb.cert.org/vuls/id/400780 http://www.securityfocus.com/archive/1/445513/100/0/threaded http://www.securityfocus.com/bid/19897 http://www.vupen.com/english/advisories/2006/3527 https://exchange.xforce.ibmcloud.com/vulnerabilities/28835 •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2000-0564
https://notcve.org/view.php?id=CVE-2000-0564
The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, and others allows remote attackers to cause a denial of service via a URL with a long name parameter. • http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0218.html •