Skype v. 5.x.x - information disclosure

Hello, 3APA3A, Title: ====== Skype v. 5.x.x - information disclosure Date: ===== 2012-02-13 Introduction: ============= Skype is a proprietary voice-over-Internet Protocol service and software application. Abstract: ========= We have discovered improper chat logs handling, which cause in logs...

Skype 5.x.x Information Disclosure

Title: ====== Skype v. 5.x.x - information disclosure Date: ===== 2012-02-13 Introduction: ============= Skype is a proprietary voice-over-Internet Protocol service and software application. Abstract: ========= We have discovered improper chat logs handling, which cause in logs accessibility even...

Three Alleged Anonymous Leaders Arrested in Spain

The New York Times is reporting that Spanish Law enforcement officials have arrested three individuals in connection with cyberattacks on Sony’s PlayStation Network as well as other corporations and governments around the world. The individuals are alleged to be leading members of the internet...

Digsby Persistent Xss and DOS Vulnerability

Exploit for php platform in category web applications =========================================== Digsby Persistent Xss and DOS Vulnerability =========================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 3 3 3 3 7 /' \ /'\ /'\ /\ \ /\ /\ \ 7 ...

Spyware Found on 3 Major Mac Download Sites

A spyware application that surreptitiously scans chat logs and hard drives of unsuspecting Mac users has found its way onto three of the more popular download sites, said security researchers. Read the full article. The Register...

CVE-2009-0934

Cross-site scripting XSS vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs...

Mercury Messenger

Problem description: Mercury Messenger, http://www.mercury.to/, is a java based messenger that will allow it's users to chat with MSN users. Currently it has been noted by two people that on a multi user OS X platform it is possible to read the chat logs from other users. The user specific...

CVE-2006-3669

Mercury Messenger, possibly 1.7.1.1 and other versions, when running on a multi-user Mac OS X platform, stores chat logs with world-readable permissions within the /Users directory, which allows local users to read the chat logs from other users...

CVE-2006-3669

Mercury Messenger, possibly 1.7.1.1 and other versions, when running on a multi-user Mac OS X platform, stores chat logs with world-readable permissions within the /Users directory, which allows local users to read the chat logs from other users...

CVE-2006-3669

CVE-2006-3669 affects Mercury Messenger (potentially 1.7.1.1 and other versions) on multi-user Mac OS X. The vulnerability arises because chat logs are stored with world-readable permissions within the /Users directory, allowing local users to read other users’ logs. The NVD entry lists a LOW bas...

CVE-2005-2956

ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files...

CVE-2005-2956

ATutor 1.5.1 (and possibly earlier) stores temporary chat logs under the web document root with insufficient access control and predictable filenames, allowing remote attackers to obtain user chat conversations via direct requests to those files. This CVE entry contains the core detail; no exploi...

ATutor 1.5.1 - Chat Logs Remote Information Disclosure

ATutor 1.5.1 - Chat Logs Remote Information Disclosure source: https://www.securityfocus.com/bid/14832/info ATutor is prone to a remote information disclosure vulnerability. This issue is due to a failure in the application to perform proper access validation before granting access to privileged...

ATutor 1.5.1 - Chat Logs Remote Information Disclosure

source: https://www.securityfocus.com/bid/14832/info ATutor is prone to a remote information disclosure vulnerability. This issue is due to a failure in the application to perform proper access validation before granting access to privileged information. A remote attacker can exploit this...

VChat Multiple Remote Vulnerabilities

It is possible to retrieve the log of all the chat sessions that have occurred on the remote vchat server by requesting the file vchat/msg.txt An attacker may use this flaw to read past chat sessions and possibly harass its participants. In addition to this, another flaw in the same product may...

vchat

Product : vchat Version : First WebSite : unknown Problem : View messages Easy DoS Description: ------------ View messages: ============== File with all chat sessions are in txt file msg.txt and everybody can read it Easy DoS: ========= If the size msg.txt will be more than 326 kb a window of a...