CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 2CVE-2020-20093 – RTLO Injection URI Spoofing
https://notcve.org/view.php?id=CVE-2020-20093
The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. Facebook Messenger app para iOS versiones 227.0 y anteriores y Android versión 228.1.0.10.116 y la interfaz de usuario anterior, no representan apropiadamente los mensajes URI para el usuario, lo que resulta en una suplantación de URI por medio de mensajes especialmente diseñados RTLO injection URI spoofing generator for WhatsApp, iMessage, Instagram, and Facebook Messenger. • http://packetstormsecurity.com/files/166448/RTLO-Injection-URI-Spoofing.html https://github.com/zadewg/RIUS •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-17476
https://notcve.org/view.php?id=CVE-2020-17476
Mibew Messenger before 3.2.7 allows XSS via a crafted user name. Mibew Messenger versiones anteriores a 3.2.7, permite un ataque de tipo XSS por medio de un nombre de usuario diseñado • https://github.com/Mibew/mibew/commit/84f5bca0a90b2fe470e35e9b5121548ccce0093c https://mibew.org/announcements/2020/07/09/mibew-messenger-3-2-7-has-been-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8688
https://notcve.org/view.php?id=CVE-2014-8688
An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8.2 for Android. Secret chat messages are available in cleartext in process memory and a .db file. Se ha descubierto un problema en Telegram Messenger 2.6 para iOS y 1.8.2 para Android. Los mensajes secretos del chat están disponibles en texto plano en memoria de proceso y un archivo .db. • https://blog.zimperium.com/telegram-hack • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 3%CPEs: 1EXPL: 1CVE-2014-7216
https://notcve.org/view.php?id=CVE-2014-7216
Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file. Múltiples desbordamientos de buffer basado en pila en Yahoo! Messenger 11.5.0.228 y versiones anteriores, permite a atacantes remotos causar una denegación de servicio (colapso) y posiblemente ejecutar código arbitrario a través del (1) acceso directo o de (2) las claves de título en un archivo emoticons.xml. • http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html http://seclists.org/fulldisclosure/2015/Sep/24 http://www.securityfocus.com/archive/1/536390/100/0/threaded http://www.securitytracker.com/id/1033544 https://hackerone.com/reports/10767 https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 50%CPEs: 7EXPL: 0CVE-2013-1085 – Novell GroupWise Messenger import Command Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1085
Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter. Desbordamiento de búfer basado en pila en el nim: protocolo de manejo en Novell GroupWise Messenger v2.04 y anteriores, y Novell Messenger v2.1.x y v2.2.2, que permite a atacantes remotos ejecutar código arbitrario a través de un comando de importación que contiene una cadena larga en el parámetro de nombre de archivo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise Messenger. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of specific commands passed to the messenger via the nim:// protocol handler. By crafting a page with a large filename parameter within an import command, a stack-based buffer overflow can be made to occur. • http://www.novell.com/support/kb/doc.php?id=7011935 http://www.zerodayinitiative.com/advisories/ZDI-13-036 https://bugzilla.novell.com/show_bug.cgi?id=777352 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •