Gadu-gadu

Gadu-gadu Instant Messenger

18 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2007-6411

Exploit
  • EPSS 2.96%
  • Veröffentlicht 17.12.2007 18:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple buffer overflows in the HandleEmotsConfig function in the GG Client in Gadu-Gadu 7.7 Build 3669 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (gg.exe process crash) via a long string in an emots....

4.3

CVE-2007-6410

  • EPSS 0.12%
  • Veröffentlicht 17.12.2007 18:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Gadu-Gadu does not properly perform protocol handling, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and add arbitrary user accounts or cause a denial of service as administrators via an unspecified "crafted link,...

4.3

CVE-2007-6409

  • EPSS 0.48%
  • Veröffentlicht 17.12.2007 18:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which allows remote attackers to cause a denial of service (resource consumption) via unspecified network traffic.

5

CVE-2005-3892

  • EPSS 0.46%
  • Veröffentlicht 29.11.2005 21:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a web page that accesses the EasycallLite.oce ActiveX control, which can initiate an outgoing phone call and listen to the microphone.

7.8

CVE-2005-3891

  • EPSS 1.75%
  • Veröffentlicht 29.11.2005 21:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash) via an image filename between exactly 192 to 200 characters, which does not account for the "imgcache\" string that is added to the end of the ...

7.8

CVE-2005-3890

  • EPSS 1.6%
  • Veröffentlicht 29.11.2005 21:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash and configuration loss) via a page with a large number of gg: URIs.

7.8

CVE-2005-3888

  • EPSS 1.89%
  • Veröffentlicht 29.11.2005 21:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code other than 2 and a large size field, which allocates memory for the packet but does not free it after the packet has been dropped.

5.4

CVE-2005-3887

Exploit
  • EPSS 1.41%
  • Veröffentlicht 29.11.2005 21:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenames, which allows remote attackers to (1) cause a denial of service (hang) via an image filename of AUX: sent twice (hang), or (2) write to the LPT1 port via a filename of "LPT1:".

5

CVE-2004-1233

  • EPSS 0.74%
  • Veröffentlicht 10.01.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Integer overflow in Gadu-Gadu allows remote attackers to cause a denial of service (disk consumption) via a user packet to the DCC file transfer capability with an invalid file length.

10

CVE-2004-1232

  • EPSS 5.17%
  • Veröffentlicht 10.01.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Stack-based buffer overflow in the code that sends images in Gadu-Gadu allows remote attackers to execute arbitrary code via a large image filename.