cbcvebase.

Mirabilis Icq vulnerabilities

23 known vulnerabilities affecting mirabilis/icq.

Total CVEs
23
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH8MEDIUM14LOW1

Vulnerabilities

Page 1 of 2
CVE-2000-0046P4HIGHCVSS 7.5PoCv0.99b_1.1.1.12000-01-10
CVE-2000-0046 [HIGH] CVE-2000-0046: Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to execute commands via a malforme Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to execute commands via a malformed URL within an ICQ message.
nvd
CVE-2006-4662P3HIGHCVSS 7.5v0.99b_1.1.1.1v0.99b_v.3.19+17 more2006-09-09
CVE-2006-4662 [HIGH] CVE-2006-4662: Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earli Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type.
nvd
CVE-2003-0769P4MEDIUMCVSS 4.3PoCv2003a_build3777v2003a_build3799+1 more2003-09-22
CVE-2003-0769 [MEDIUM] CVE-2003-0769: Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remo Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field.
nvd
CVE-2002-0028P3HIGHCVSS 7.5v2000.0av2000.0b_build3278+3 more2002-02-27
CVE-2002-0028 [HIGH] CVE-2002-0028: Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitr Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request.
nvd
CVE-2003-0235P4HIGHCVSS 7.5v99a_2.15build1701v99a_2.21build1800+11 more2003-05-27
CVE-2003-0235 [HIGH] CVE-2003-0235: Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a allows remote malicious serve Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a allows remote malicious servers to execute arbitrary code via format strings in the response to a UIDL command.
nvd
CVE-2003-0237P4HIGHCVSS 7.5v99a_2.15build1701v99a_2.21build1800+11 more2003-05-27
CVE-2003-0237 [HIGH] CVE-2003-0237: The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack.
nvd
CVE-2003-0236P4HIGHCVSS 7.5v99a_2.15build1701v99a_2.21build1800+11 more2003-05-27
CVE-2003-0236 [HIGH] CVE-2003-0236: Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to e Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers.
nvd
CVE-1999-0474P4MEDIUMCVSS 5.0v99a_2.13build17001999-04-05
CVE-1999-0474 [MEDIUM] CVE-1999-0474: The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory.
nvd
CVE-1999-1289P4HIGHCVSS 7.5v98_beta1998-11-11
CVE-1999-1289 [HIGH] CVE-1999-1289: ICQ 98 beta on Windows NT leaks the internal IP address of a client in the TCP data segment of an IC ICQ 98 beta on Windows NT leaks the internal IP address of a client in the TCP data segment of an ICQ packet instead of the public address (e.g. through NAT), which provides remote attackers with potentially sensitive information about the client or the internal network configuration.
nvd
CVE-2002-2329P4HIGHCVSS 7.8v2001bv2002a+1 more2002-12-31
CVE-2002-2329 [HIGH] CWE-20 CVE-2002-2329: ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a denial of service (CPU consumpt ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a denial of service (CPU consumption or crash) via a message with a large number of emoticons.
nvd
CVE-2006-0765P4MEDIUMCVSS 5.1v2003av2003b2006-02-18
CVE-2006-0765 [MEDIUM] CVE-2006-0765: GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Li GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a specific length, which truncates the malicious extension from the
nvd
CVE-2006-0766P4MEDIUMCVSS 5.1v2003av2003b2006-02-18
CVE-2006-0766 [MEDIUM] CVE-2006-0766: ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versi ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG, and possibly containing other modified properties such as company name, icon, and
nvd
CVE-2006-2303P4MEDIUMCVSS 6.4v5.04_build23212006-05-11
CVE-2006-2303 [MEDIUM] CVE-2006-2303: Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 build 2321 and earlier allows rem Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 build 2321 and earlier allows remote attackers to inject arbitrary web script from one application into another via a banner, which is processed in the My Computer zone using the Internet Explorer COM object.
nvd
CVE-2005-3433P4MEDIUMCVSS 5.1v2002a_build3728v2003a_build38002005-11-02
CVE-2005-3433 [MEDIUM] CVE-2005-3433: Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers to execute arbitrary code by c Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers to execute arbitrary code by convincing a user to enter long strings into the First Name and Last Name fields.
nvd
CVE-2000-0564P4MEDIUMCVSS 5.0v0.99b_1.1.1.1v0.99b_v.3.19+4 more2000-05-29
CVE-2000-0564 [MEDIUM] CVE-2000-0564: The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, and others allows remote atta The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, and others allows remote attackers to cause a denial of service via a URL with a long name parameter.
nvd
CVE-2001-0367P4MEDIUMCVSS 5.0v2000.0b_build32782001-06-27
CVE-2001-0367 [MEDIUM] CVE-2001-0367: Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote attacker to create a denial of se Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote attacker to create a denial of service via HTTP URL requests containing a large number of % characters.
nvd
CVE-2003-0239P4MEDIUMCVSS 5.0v99a_2.15build1701v99a_2.21build1800+11 more2003-05-27
CVE-2003-0239 [MEDIUM] CVE-2003-0239: icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to caus icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor.
nvd
CVE-2002-2075P4MEDIUMCVSS 5.0v2001av2002b2002-12-31
CVE-2002-2075 [MEDIUM] CVE-2002-2075: ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and han ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and hang) via a contact message with a large contacts number.
nvd
CVE-2001-1305P4MEDIUMCVSS 5.0v2000.0av2000.0b_build3278+1 more2001-08-17
CVE-2001-1305 [MEDIUM] CVE-2001-1305: ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ us ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer.
nvd
CVE-2003-0238P4MEDIUMCVSS 5.0v99a_2.15build1701v99a_2.21build1800+11 more2003-05-27
CVE-2003-0238 [MEDIUM] CVE-2003-0238: The Message Session window in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of s The Message Session window in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service (CPU consumption) by spoofing the address of an ADS server and sending HTML with a -1 width in a table tag.
nvd
Mirabilis Icq vulnerabilities | cvebase