Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:7387
HistoryDec 21, 2004 - 12:00 a.m.

Gadu-Gadu Remote DoS (all versions)

2004-12-2100:00:00
vulners.com
7
JSON

Product: Tlen.pl (<= 5.23.4.1)
Vendor: o2.pl Sp. z o.o. (http://www.tlen.pl/&#41;
Impact: Remote script execution
Severity: High
Authors: Blazej Miga <[email protected]>,
Jaroslaw Sajko <[email protected]>
Date: 20/12/04

[ISSUE]

Tlen.pl is the instant messenger application used by more than 700 000
users.
There is a vulnerability in message parsing which allows remote execution
of arbitrary script.

[DETAILS]

There is a parsing error. We can send a malicious string which has an url
inside. This url can be a javascript code for example. Code will execute
when the window with the message pops up.

[POF]

Send such a string to any receipent:
www.tlen.pl"style=background-image:url(javascript:alert(%22You%20are%20owned!%22));.pl

[SOLUTION]

Please upgrade to the newest version (5.23.4.2)

    Copyright Poznan Supercomputing and Networking Center

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

JSON