CVSS: 8.8EPSS: 4%CPEs: 8EXPL: 0CVE-2011-2074
https://notcve.org/view.php?id=CVE-2011-2074
10 May 2011 — Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 on Mac OS X allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via a crafted message. Vulnerabilidad no especificada en el cliente de Skype v5.x antes de v5.1.0.922 en Mac OS X permite a usuarios autenticados remotamente ejecutar código de su elección o causar una denegación de servicio (solicitud de bloqueo) a través de un mensaje manipulado. • http://blogs.skype.com/security/2011/05/security_vulnerability_in_mac.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2011-1717
https://notcve.org/view.php?id=CVE-2011-1717
18 Apr 2011 — Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information. Skype para Android almacena datos sensibles del usuario sin cifrar en base de datos sqlite3 que tiene permisos débiles, lo que permite que aplicaciones lean IDs de usuario, contactos, números de teléfono, fecha de cumpleaños, logs de mensajería instantánea... • http://blogs.skype.com/security/2011/04/privacy_vulnerability_in_skype.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 1%CPEs: 151EXPL: 2CVE-2010-3136 – Skype 4.2.0.169 - 'wab32.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-3136
26 Aug 2010 — Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .skype file. Vulnerabilidad de búsqueda en ruta no confiable en Skype v4.2.0.169 y anteriores, permite a usuarios locales y posiblemente atacantes remotos, la ejecución de código de su elección y llevar a cabo ataques de secuestro de DLL a través de un troyano wab3... • https://www.exploit-db.com/exploits/14766 •
CVSS: 10.0EPSS: 0%CPEs: 144EXPL: 0CVE-2009-4741
https://notcve.org/view.php?id=CVE-2009-4741
26 Mar 2010 — Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact and attack vectors. Vulnerabilidad no específica en Extras Manager anteriores a v2.0.0.67 en Skype anteriores a v4.1.0.179 en Windows, tiene impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/37012 •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 1CVE-2008-5697 – Skype Extension for Firefox Beta 2.2.0.95 - Clipboard Writing
https://notcve.org/view.php?id=CVE-2008-5697
22 Dec 2008 — The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 for Firefox allows remote attackers to write arbitrary data to the clipboard via a string argument. El método skype_tool.copy_num en la extensión Skype BETA 2.2.0.95 para Firefox, permite a atacantes remotos escribir datos de su elección en el portapapeles a través de un argumento de cadena. • https://www.exploit-db.com/exploits/6690 •
CVSS: 9.8EPSS: 1%CPEs: 43EXPL: 0CVE-2008-2545
https://notcve.org/view.php?id=CVE-2008-2545
06 Jun 2008 — Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case. Skype 3.6.0.248 y otras versiones anteriores a 3.8.0.139, utiliza comparaciones sensibles a mayúsculas y minúsculas cuando revisa extensiones peligrosas, las cuales permiten a atacantes remotos asistidos por ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 43EXPL: 0CVE-2008-1805 – iDEFENSE Security Advisory 2008-06-04.2
https://notcve.org/view.php?id=CVE-2008-1805
05 Jun 2008 — Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist. Vulnerabilidad de lista negra incompleta en Skype 3.6.0.248 y otras versiones anteriores a 3.8.0.139; permite a atacantes remotos con la ayuda del usuario evitar los diálogos de aviso y posibilita la ejecución de código de su ele... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 2CVE-2008-0583
https://notcve.org/view.php?id=CVE-2008-0583
05 Feb 2008 — Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) "Add video to chat" or (2) "Add video to mood" dialog, a different vector than CVE-2008-0454.... • http://aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailable.aspx • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2008-0582
https://notcve.org/view.php?id=CVE-2008-0582
05 Feb 2008 — Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler. Vulnerabilidad de secuencias de comandos en zonas cruzadas en el control web Internet Explorer en Skype 3.1 hasta 3.6.0.244 en Windows permite... • http://aviv.raffon.net/2008/01/31/AttackersCanSkypeFindYou.aspx • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 41%CPEs: 5EXPL: 0CVE-2008-0454
https://notcve.org/view.php?id=CVE-2008-0454
25 Jan 2008 — Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS." Vulnerabilidad de secuencias de comandos en zonas cruzadas en el control web In... • http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0337.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •