Vulnerabilities > Gadu Gadu

DATE CVE VULNERABILITY TITLE RISK
2007-12-17 CVE-2007-6409 Configuration vulnerability in Gadu-Gadu Instant Messenger
The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which allows remote attackers to cause a denial of service (resource consumption) via unspecified network traffic.
network
gadu-gadu CWE-16
4.3
2007-12-17 CVE-2007-6410 Cross-Site Request Forgery (CSRF) vulnerability in Gadu-Gadu Instant Messenger
Gadu-Gadu does not properly perform protocol handling, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and add arbitrary user accounts or cause a denial of service as administrators via an unspecified "crafted link," possibly related to the gg protocol.
network
gadu-gadu CWE-352
4.3
2007-12-17 CVE-2007-6411 Buffer Errors vulnerability in Gadu-Gadu Instant Messenger 7.7
Multiple buffer overflows in the HandleEmotsConfig function in the GG Client in Gadu-Gadu 7.7 Build 3669 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (gg.exe process crash) via a long string in an emots.txt file.
network
gadu-gadu CWE-119
4.3
2005-11-29 CVE-2005-3887 Unspecified vulnerability in Gadu-Gadu Instant Messenger 7.20
Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenames, which allows remote attackers to (1) cause a denial of service (hang) via an image filename of AUX: sent twice (hang), or (2) write to the LPT1 port via a filename of "LPT1:".
network
high complexity
gadu-gadu
5.4
2005-11-29 CVE-2005-3888 Unspecified vulnerability in Gadu-Gadu Instant Messenger 7.20
Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code other than 2 and a large size field, which allocates memory for the packet but does not free it after the packet has been dropped.
network
low complexity
gadu-gadu
7.8
2005-11-29 CVE-2005-3889 Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code of 6 or 7, which triggers a large number of popup windows to the user and creates a large number of threads.
network
low complexity
gadu-gadu
7.8
2005-11-29 CVE-2005-3890 Unspecified vulnerability in Gadu-Gadu Instant Messenger 7.20
Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash and configuration loss) via a page with a large number of gg: URIs.
network
low complexity
gadu-gadu
7.8
2005-11-29 CVE-2005-3891 Unspecified vulnerability in Gadu-Gadu Instant Messenger 7.20
Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash) via an image filename between exactly 192 to 200 characters, which does not account for the "imgcache\" string that is added to the end of the buffer.
network
low complexity
gadu-gadu
7.8
2005-11-29 CVE-2005-3892 Unspecified vulnerability in Gadu-Gadu Instant Messenger 7.20
Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a web page that accesses the EasycallLite.oce ActiveX control, which can initiate an outgoing phone call and listen to the microphone.
network
low complexity
gadu-gadu
5.0
2005-01-10 CVE-2004-1229 Remote vulnerability in Gadu-Gadu
Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arbitrary web script or HTML via (1) http:// or (2) news:// URLs, a different vulnerability than CVE-2004-1410.
network
low complexity
gadu-gadu
7.5