CVE-2005-3892

Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a web page that accesses the EasycallLite.oce ActiveX control, which can initiate an outgoing phone call and listen to the microphone.

CVE-2005-3887

Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenames, which allows remote attackers to (1) cause a denial of service (hang) via an image filename of AUX: sent twice (hang), or (2) write to the LPT1 port via a filename of "LPT1:".

CVE-2004-1231

Directory traversal vulnerability in Gadu-Gadu allows remote attackers to read arbitrary files via .. (dot dot) sequences in a DCC connection with a CTCP packet that contains a 1 as the type and a 4 as the subtype.

CVE-2004-1233

Integer overflow in Gadu-Gadu allows remote attackers to cause a denial of service (disk consumption) via a user packet to the DCC file transfer capability with an invalid file length.

CVE-2004-1230

Gadu-Gadu allows remote attackers to gain sensitive information and read files from the _cache directory of other users via a DCC connection and a CTCP packet that contains a 1 as the type and a 4 as the subtype.

CVE-2004-1414

Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of service (application hang) via a message that contains many special strings that are converted to images.

CVE-2004-2529

Gadu-Gadu allows remote attackers to bypass the "image send" option by sending a very small image file, which could be used in conjunction with image-related vulnerabilities.