Trillian Security Vulnerabilities and Issues — Trillian CVE List

Lucene search

Cerulean StudiosTrillian

12 matches found

CVE•added 2006/02/04 2:2 a.m.•44 views

CVE-2006-0543

Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) 'd1, (2) 'd2, (3) 'd3, (4) 'd4, and (5) 'd5. NOTE: the provenance of this information is unknown; the details are...

5CVSS6.6AI score0.00655EPSS

CVE•added 2010/04/29 7:30 p.m.•44 views

CVE-2009-4831

Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate.

5.8CVSS6.5AI score0.00449EPSS

CVE•added 2005/03/20 5:0 a.m.•36 views

CVE-2001-1419

AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "

5CVSS6.9AI score0.07132EPSS

CVE•added 2005/05/02 4:0 a.m.•36 views

CVE-2005-0874

Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other plug-ins for Trillian 2.0 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.

5CVSS7.2AI score0.00506EPSS

CVE•added 2003/08/18 4:0 a.m.•35 views

CVE-2003-0520

Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the "TypingUser" string has been modified.

5CVSS7AI score0.00655EPSS

CVE•added 2005/10/05 9:2 p.m.•35 views

CVE-2005-3141

Cerulean Studios Trillian 3.0 allows remote attackers to cause a denial of service (crash) via a reverse direct connection from a different client, as demonstrated using LICQ.

5CVSS7AI score0.00911EPSS

CVE•added 2003/04/02 5:0 a.m.•33 views

CVE-2002-1487

The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and (15) 367.

5CVSS7AI score0.15177EPSS

CVE•added 2007/07/17 10:30 p.m.•32 views

CVE-2007-3833

The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:" substring and contains a full pathname in the ini field. NOTE: this can be le...

5CVSS7.3AI score0.01143EPSS

CVE•added 2012/11/04 10:55 p.m.•31 views

CVE-2012-5824

Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2...

5.8CVSS6.5AI score0.00449EPSS

CVE•added 2003/04/02 5:0 a.m.•27 views

CVE-2002-1488

The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in.

5CVSS7AI score0.04376EPSS

CVE•added 2003/04/02 5:0 a.m.•26 views

CVE-2002-1485

The AIM component of Trillian 0.73 and 0.74 allows remote attackers to cause a denial of service (crash) via certain strings such as "P > O

5CVSS6.9AI score0.0057EPSS

CVE•added 2005/05/02 4:0 a.m.•26 views

CVE-2005-0875

Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.

5CVSS7.2AI score0.00483EPSS