Gadu-gadu Instant Messenger Security Vulnerabilities and Issues — Gadu-gadu Instant Messenger CVE List

Lucene search

Gadu-gaduGadu-gadu Instant Messenger

4 matches found

CVE•added 2005/02/12 5:0 a.m.•41 views

CVE-2004-1410

Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing error message, a different vulnerability than CVE-2004-1229.

4.3CVSS6AI score0.01075EPSS

CVE•added 2007/12/17 6:46 p.m.•34 views

CVE-2007-6410

Gadu-Gadu does not properly perform protocol handling, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and add arbitrary user accounts or cause a denial of service as administrators via an unspecified "crafted link," possibly related to the gg protocol.

4.3CVSS7.3AI score0.00114EPSS

CVE•added 2007/12/17 6:46 p.m.•32 views

CVE-2007-6409

The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which allows remote attackers to cause a denial of service (resource consumption) via unspecified network traffic.

4.3CVSS6.7AI score0.00443EPSS

CVE•added 2007/12/17 6:46 p.m.•29 views

CVE-2007-6411

Multiple buffer overflows in the HandleEmotsConfig function in the GG Client in Gadu-Gadu 7.7 Build 3669 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (gg.exe process crash) via a long string in an emots.txt file.

4.3CVSS7.9AI score0.02999EPSS