Vulnerabilities > AOL
|2014-09-09||CVE-2014-5570|| Cryptographic Issues vulnerability in AOL Dailyfinance - Stocks & News 220.127.116.11 |
The DailyFinance - Stocks & News (aka com.aol.mobile.dailyFinance) application 18.104.22.168 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
| 5.4 |
|2012-11-04||CVE-2012-5816|| Improper Input Validation vulnerability in AOL AIM 22.214.171.124 |
AOL Instant Messenger (AIM) 126.96.36.199 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| 5.8 |
|2010-06-17||CVE-2010-1374|| Path Traversal vulnerability in Apple mac OS X and mac OS X Server |
Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation.
| 4.3 |
|2010-01-13||CVE-2009-4494|| Improper Input Validation vulnerability in AOL Aolserver 4.5.1 |
AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
| 5.0 |
|2009-10-09||CVE-2009-3658|| Resource Management Errors vulnerability in AOL products |
Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 188.8.131.52 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method.
| 9.3 |
|2009-08-03||CVE-2009-2404|| Buffer Errors vulnerability in Mozilla Network Security Services 3.12.3 |
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
| 9.3 |
|2008-02-04||CVE-2007-6699|| Buffer Errors vulnerability in AOL YGP Piceditor Activex Control 184.108.40.206 |
Multiple buffer overflows in the AIM PicEditor 220.127.116.11 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser crash) via a long string in the (1) DisplayName, (2) FinalSavePath, (3) ForceSaveTo, (4) HiddenControls, (5) InitialEditorScreen, (6) Locale, (7) Proxy, and (8) UserAgent property values.
| 4.3 |
|2008-01-09||CVE-2007-6250|| Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products |
Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPlaybackControl.exe), as used by AmpX ActiveX control (AmpX.dll), might allow remote attackers to execute arbitrary code via the AppendFileToPlayList method.
| 9.3 |
|2007-11-14||CVE-2007-5755|| Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in AOL Radio |
Multiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 18.104.22.168 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods.
| 9.3 |
|2007-09-27||CVE-2007-5124|| Code Injection vulnerability in AOL Instant Messenger |
The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 22.214.171.124 and earlier allows remote attackers to execute arbitrary code via unspecified web script or HTML in an instant message, related to AIM's filtering of "specific tags and attributes" and the lack of Local Machine Zone lockdown.
| 6.8 |