
CVE-2008-5401 – Trillian AIM IMG Tag Parsing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-5401
04 Dec 2008 — Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing." This vulnerability allows remote attackers to execut... • http://blog.ceruleanstudios.com/?p=404 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2008-5402 – Trillian IMG SRC ID Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-5402
04 Dec 2008 — Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID." This vulnerability allows remote attackers to potentially execute arbitrary code on vulnerable installations of ... • http://blog.ceruleanstudios.com/?p=404 • CWE-399: Resource Management Errors

CVE-2008-5403 – Trillian AIM Plugin Malformed XML Tag Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-5403
04 Dec 2008 — Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean St... • http://blog.ceruleanstudios.com/?p=404 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2008-2408 – Trillian Multiple Protocol XML Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-2408
21 May 2008 — Heap-based buffer overflow in the XML parsing functionality in talk.dll in Cerulean Studios Trillian Pro before 3.1.10.0 allows remote attackers to execute arbitrary code via a malformed attribute in an IMG tag. This vulnerability allows ... • http://archives.neohapsis.com/archives/bugtraq/2008-05/0284.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2007-2478
https://notcve.org/view.php?id=CVE-2007-2478
03 May 2007 — Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string. • http://blog.ceruleanstudios.com/?p=131

CVE-2007-2418
https://notcve.org/view.php?id=CVE-2007-2418
02 May 2007 — Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll) for Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to execute arbitrary code via a message that triggers the overflow from expansion that occurs during encoding. • http://blog.ceruleanstudios.com/?p=131 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2005-2444
https://notcve.org/view.php?id=CVE-2005-2444
03 Aug 2005 — Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the password in plaintext in a world-readable file and does not delete the file after login, which allows local users to obtain sensitive information. • http://marc.info/?l=bugtraq&m=112274667603628&w=2