Filtered by vendor Cerulean Studios
Subscribe
Total
34 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-5824 | 1 Cerulean Studios | 1 Trillian | 2022-02-07 | 5.8 MEDIUM | N/A |
Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2009-4831. | |||||
CVE-2009-4831 | 1 Cerulean Studios | 1 Trillian | 2022-02-07 | 5.8 MEDIUM | N/A |
Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate. | |||||
CVE-2007-2418 | 1 Cerulean Studios | 1 Trillian Pro | 2018-10-16 | 10.0 HIGH | N/A |
Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll) for Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to execute arbitrary code via a message that triggers the overflow from expansion that occurs during encoding. | |||||
CVE-2008-5402 | 2 Cerulean Studios, Ceruleanstudios | 4 Trillian, Trillian Pro, Trillian and 1 more | 2018-10-11 | 10.0 HIGH | N/A |
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID." | |||||
CVE-2008-5403 | 2 Cerulean Studios, Ceruleanstudios | 4 Trillian, Trillian Pro, Trillian and 1 more | 2018-10-11 | 10.0 HIGH | N/A |
Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag. | |||||
CVE-2008-5401 | 2 Cerulean Studios, Ceruleanstudios | 4 Trillian, Trillian Pro, Trillian and 1 more | 2018-10-11 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing." | |||||
CVE-2008-2008 | 1 Cerulean Studios | 1 Trillian | 2018-10-11 | 9.3 HIGH | N/A |
Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message. | |||||
CVE-2008-2409 | 1 Cerulean Studios | 1 Trillian | 2017-08-07 | 9.3 HIGH | N/A |
Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message. | |||||
CVE-2007-3833 | 1 Cerulean Studios | 1 Trillian | 2017-07-28 | 5.0 MEDIUM | N/A |
The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a full pathname in the ini field. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
CVE-2007-3832 | 1 Cerulean Studios | 1 Trillian | 2017-07-28 | 9.3 HIGH | N/A |
Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ substring. | |||||
CVE-2007-3305 | 1 Cerulean Studios | 1 Trillian | 2017-07-28 | 9.3 HIGH | N/A |
Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478. | |||||
CVE-2007-2479 | 1 Cerulean Studios | 1 Trillian | 2017-07-28 | 7.1 HIGH | 5.9 MEDIUM |
Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker. | |||||
CVE-2007-2478 | 1 Cerulean Studios | 1 Trillian Pro | 2017-07-28 | 9.3 HIGH | N/A |
Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string. | |||||
CVE-2005-2444 | 1 Cerulean Studios | 1 Trillian Pro | 2017-07-10 | 2.1 LOW | N/A |
Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the password in plaintext in a world readable file and does not delete the file after login, which allows local users to obtain sensitive information. | |||||
CVE-2004-1666 | 1 Cerulean Studios | 1 Trillian | 2017-07-10 | 7.5 HIGH | N/A |
Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character. | |||||
CVE-2004-2304 | 1 Cerulean Studios | 2 Trillian, Trillian Pro | 2017-07-10 | 7.5 HIGH | N/A |
Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow. | |||||
CVE-2004-2370 | 1 Cerulean Studios | 2 Trillian, Trillian Pro | 2017-07-10 | 7.5 HIGH | N/A |
Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows remote attackers to execute arbitrary code via a Yahoo Messenger packet with a long key name. | |||||
CVE-2001-1419 | 2 Aol, Cerulean Studios | 2 Instant Messenger, Trillian | 2017-07-10 | 5.0 MEDIUM | N/A |
AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments. | |||||
CVE-2005-3141 | 1 Cerulean Studios | 1 Trillian | 2016-10-17 | 5.0 MEDIUM | N/A |
Cerulean Studios Trillian 3.0 allows remote attackers to cause a denial of service (crash) via a reverse direct connection from a different client, as demonstrated using LICQ. | |||||
CVE-2005-0875 | 1 Cerulean Studios | 1 Trillian | 2016-10-17 | 5.0 MEDIUM | N/A |
Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header. |