Vulnerabilities > Cerulean Studios > Medium

DATE CVE VULNERABILITY TITLE RISK
2012-11-04 CVE-2012-5824 Improper Certificate Validation vulnerability in Cerulean Studios Trillian 5.1.0.19
Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2009-4831.
5.8
2010-04-29 CVE-2009-4831 Improper Certificate Validation vulnerability in Cerulean Studios Trillian 3.1
Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate.
5.8
2007-07-17 CVE-2007-3833 Remote Code Execution vulnerability in Cerulean Studios Trillian 3.1.6.0
The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a full pathname in the ini field.
network
low complexity
cerulean-studios
5.0
2006-02-04 CVE-2006-0543 Denial-Of-Service vulnerability in Cerulean Studios Trillian 3.1.0.120
Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) \'d1, (2) \'d2, (3) \'d3, (4) \'d4, and (5) \'d5.
network
low complexity
cerulean-studios
5.0
2005-10-05 CVE-2005-3141 Denial-Of-Service vulnerability in Cerulean Studios Trillian 3.0
Cerulean Studios Trillian 3.0 allows remote attackers to cause a denial of service (crash) via a reverse direct connection from a different client, as demonstrated using LICQ.
network
low complexity
cerulean-studios
5.0
2005-05-02 CVE-2005-0875 Unspecified vulnerability in Cerulean Studios Trillian 2.0/3.0/3.1
Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.
network
low complexity
cerulean-studios
5.0
2005-05-02 CVE-2005-0874 Unspecified vulnerability in Cerulean Studios Trillian 2.0
Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other plug-ins for Trillian 2.0 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.
network
low complexity
cerulean-studios
5.0
2003-08-18 CVE-2003-0520 Denial Of Service vulnerability in Cerulean Studios Trillian 0.74/1.0
Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the "TypingUser" string has been modified.
network
low complexity
cerulean-studios
5.0
2003-04-02 CVE-2002-1488 Denial Of Service vulnerability in Cerulean Studios Trillian 0.74
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in.
network
low complexity
cerulean-studios
5.0
2003-04-02 CVE-2002-1487 Denial Of Service vulnerability in Cerulean Studios Trillian 0.74
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and (15) 367.
network
low complexity
cerulean-studios
5.0