23 matches found
Information Exposure
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Information Exposure via the sendinstantmessages function. An attacker can gain access to user names they should not have access to by exploiting this error message handling. Remediation: Upgrade...
UBUNTU-CVE-2023-44272
A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user...
SUSE CVE-2010-0423
gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat...
CVE-2018-0201
CVE-2018-0201 is a cross-site scripting vulnerability in Cisco Jabber Client Framework (JCF). The issue arises from improper neutralization of input during web page generation, enabling an authenticated, remote attacker to trigger XSS by embedding media in instant messages. The exploit could caus...
CVE-2018-0201
A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of input during web page generation. An attacker could exploit...
ttCMS 2.2/2.3, ttForum 1.1 Index.PHP Instant-Messages Preferences SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7634/info A problem with ttCMS/ttForum could make it possible for a remote user to launch SQL injection attacks. It has been reported that a problem exists in the Instant-Messages script distributed as part of the softwar...
EveryBuddy 0.4.3 Long Message Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8343/info EveryBuddy is prone to a denial of service vulnerability when handling instant messages of excessive length. This could be exploited with a malicious instant messaging client. This condition may be due to a buff...
FreeBSD : libotr -- buffer overflows (c651c898-e90d-11e1-b230-0024e830109b)
OTR developers report: The otrl_base64_otr_decode function and similar functions within OTR suffer from buffer overflows in the case of malformed input; specifically if a message of the format of '?OTR:===.' is received then a zero-byte allocation is performed without a similar correlation between...
libotr -- buffer overflows
OTR developers report: The otrl_base64_otr_decode function and similar functions within OTR suffer from buffer overflows in the case of malformed input; specifically if a message of the format of "?OTR:===." is received then a zero-byte allocation is performed without a similar correlation between t...
Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : pidgin vulnerabilities (USN-1500-1)
Evgeny Boger discovered that Pidgin incorrectly handled buddy list messages in the AIM and ICQ protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10...
CVE-2011-1717
Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information...
DEBIAN-CVE-2010-0423
gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat...
pidgin: Smiley Denial of Service
gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat...
CVE-2009-0247
The server for 53KF Web IM 2009 Home, Professional, and Enterprise editions relies on client-side protection mechanisms against cross-site scripting (XSS), which allows remote attackers to conduct XSS attacks by using a modified client to send a crafted IM message, related to the msg variable...
Code injection
Microsoft Communicator allows remote attackers to cause a denial of service (application or device outage) via instant messages containing large numbers of emoticons...
CVE-2007-1178
WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors...
Design/Logic Flaw
WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors...
EveryBuddy 0.4.3 - Long Message Denial of Service
EveryBuddy 0.4.3 - Long Message Denial of Service source: https://www.securityfocus.com/bid/8343/info EveryBuddy is prone to a denial of service vulnerability when handling instant messages of excessive length. This could be exploited with a malicious instant messaging client. This condition may ...