CVE-2007-1904
https://notcve.org/view.php?id=CVE-2007-1904
Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation. Vulnerabilidad de salto de directorio en AOL Instant Messenger (AIM) 5.9 y anteriores, e ICQ 5.1 y probablemente anteriores permite a atacantes remotos con la complicidad del usuario mediante secuencias .. (punto punto) en un nombre de fichero en una operación de transferencia de fichero. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=508 http://secunia.com/advisories/24747 http://secunia.com/advisories/24803 http://www.securityfocus.com/bid/23391 http://www.securitytracker.com/id?1017890 http://www.securitytracker.com/id?1017891 http://www.vupen.com/english/advisories/2007/1306 http://www.vupen.com/english/advisories/2007/1307 https://exchange.xforce.ibmcloud.com/vulnerabilities/33538 •
CVE-2006-4662
https://notcve.org/view.php?id=CVE-2006-4662
Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type. Desbordamiento de búfer basado en montón en la función MCRegEx__Search en AOL ICQ Pro 2003b Build 3916 y anteriores permiten a un atacanet remoto ejecutar código de su elección a través de un campo grnde inconsistente de un mensaje en un tipo 0x2711 Type-Length-Value (TLV). • http://secunia.com/advisories/21834 http://securityreason.com/securityalert/1530 http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1509 http://www.kb.cert.org/vuls/id/400780 http://www.securityfocus.com/archive/1/445513/100/0/threaded http://www.securityfocus.com/bid/19897 http://www.vupen.com/english/advisories/2006/3527 https://exchange.xforce.ibmcloud.com/vulnerabilities/28835 •
CVE-2000-0564
https://notcve.org/view.php?id=CVE-2000-0564
The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, and others allows remote attackers to cause a denial of service via a URL with a long name parameter. • http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0218.html •