23 matches found
EUVD-2002-1645
Malware in sbrugna...
CVE-2025-46171
vBulletin 3.8.7 is vulnerable to a denial-of-service condition via the misc.php?do=buddylist endpoint. If an authenticated user has a sufficiently large buddy list, processing the list can consume excessive memory, exhausting system resources and crashing the forum...
CVE-2025-46171
vBulletin 3.8.7 is vulnerable to a denial-of-service condition via the misc.php?do=buddylist endpoint. If an authenticated user has a sufficiently large buddy list, processing the list can consume excessive memory, exhausting system resources and crashing the forum...
CVE-2025-46171
CVE-2025-46171 — vBulletin 3.8.7 DoS via buddylist . Multiple connected sources confirm that an authenticated user who maintains a sufficiently large buddy list can trigger excessive memory usage when the server processes the buddylist (misc.php?do=buddylist), leading to resource exhaustion and f...
CVE-2025-46171
vBulletin 3.8.7 is vulnerable to a denial-of-service condition via the misc.php?do=buddylist endpoint. If an authenticated user has a sufficiently large buddy list, processing the list can consume excessive memory, exhausting system resources and crashing the forum...
PT-2025-30595 · Vbulletin · Vbulletin
Name of the Vulnerable Software and Affected Versions: vBulletin version 3.8.7 Description: vBulletin is susceptible to a denial-of-service condition through the misc.php?do=buddylist endpoint. Processing a large buddy list by an authenticated user can lead to excessive memory consumption,...
CVE-2011-5133
Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list."...
Clansphere CMS 2011.4 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Clansphere CMS 2011.4 - Stored Cross-Site Scripting XSS Exploit Author: Sinem Şahin Vendor Homepage: https://www.csphere.eu/ Version: 2011.4 Tested on: Windows & XAMPP == Tutorial http://HOST/index.php?mod=buddys&action=create&id=925872 2- Write XSS Payload into the username of the...
Clansphere CMS 2011.4 Cross Site Scripting
Exploit Title: Clansphere CMS 2011.4 - Stored Cross-Site Scripting XSS Exploit Author: Sinem Şahin Date: 2022-10-08 Vendor Homepage: https://www.csphere.eu/ Version: 2011.4 Tested on: Windows & XAMPP == Tutorial http://HOST/index.php?mod=buddys&action=create&id=925872 2- Write XSS Payload into th...
SUSE CVE-2007-4996
libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service crash via a nudge message that triggers an access of "an invalid memory location."...
AOL Instant Messenger 4.x Unauthorized Actions Vulnerability
0 0 0 0 source: http://www.securityfocus.com/bid/5246/info The AOL Instant Messenger client is prone to an issue which may allow maliciously crafted HTML to perform unauthorized actions such as adding entries to the buddy list on behalf of the user of a vulnerable client. This condition is due to...
Design/Logic Flaw
Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list."...
CVE-2011-5133
Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list."...
Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : pidgin vulnerabilities (USN-1500-1)
Evgeny Boger discovered that Pidgin incorrectly handled buddy list messages in the AIM and ICQ protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10...
CVE-2011-4601
familyfeedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service application crash via a crafted 1 AIM or 2 ICQ message associated with buddy-list addition...
(libpurple): Invalid UTF-8 string handling in OSCAR messages
familyfeedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service application crash via a crafted 1 AIM or 2 ICQ message associated with buddy-list addition...
(libpurple): Invalid UTF-8 string handling in OSCAR messages
familyfeedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service application crash via a crafted 1 AIM or 2 ICQ message associated with buddy-list addition...
DEBIAN-CVE-2007-4996
libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service crash via a nudge message that triggers an access of "an invalid memory location."...
CVE-2002-1664
Yahoo! Messenger before February 2002 allows remote attackers to add arbitrary users to another user's buddy list and possibly obtain sensitive information...
AOL Instant Messenger 4.x - Unauthorized Actions
AOL Instant Messenger 4.x - Unauthorized Actions source: https://www.securityfocus.com/bid/5246/info The AOL Instant Messenger client is prone to an issue which may allow maliciously crafted HTML to perform unauthorized actions such as adding entries to the buddy list on behalf of the user of a...