Vulnerabilities > Gadu Gadu > Gadu Gadu Instant Messenger > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-12-17 | CVE-2007-6411 | Buffer Errors vulnerability in Gadu-Gadu Instant Messenger 7.7 Multiple buffer overflows in the HandleEmotsConfig function in the GG Client in Gadu-Gadu 7.7 Build 3669 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (gg.exe process crash) via a long string in an emots.txt file. | 4.3 |
| 2007-12-17 | CVE-2007-6410 | Cross-Site Request Forgery (CSRF) vulnerability in Gadu-Gadu Instant Messenger Gadu-Gadu does not properly perform protocol handling, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and add arbitrary user accounts or cause a denial of service as administrators via an unspecified "crafted link," possibly related to the gg protocol. | 4.3 |
| 2007-12-17 | CVE-2007-6409 | Configuration vulnerability in Gadu-Gadu Instant Messenger The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which allows remote attackers to cause a denial of service (resource consumption) via unspecified network traffic. | 4.3 |
| 2005-11-29 | CVE-2005-3892 | Unspecified vulnerability in Gadu-Gadu Instant Messenger 7.20 Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a web page that accesses the EasycallLite.oce ActiveX control, which can initiate an outgoing phone call and listen to the microphone. | 5.0 |
| 2005-11-29 | CVE-2005-3887 | Unspecified vulnerability in Gadu-Gadu Instant Messenger 7.20 Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenames, which allows remote attackers to (1) cause a denial of service (hang) via an image filename of AUX: sent twice (hang), or (2) write to the LPT1 port via a filename of "LPT1:". | 5.4 |
| 2005-01-10 | CVE-2004-1233 | Denial-Of-Service vulnerability in Gadu-Gadu Instant Messenger Integer overflow in Gadu-Gadu allows remote attackers to cause a denial of service (disk consumption) via a user packet to the DCC file transfer capability with an invalid file length. | 5.0 |
| 2005-01-10 | CVE-2004-1231 | Directory Traversal vulnerability in Gadu-Gadu Instant Messenger Directory traversal vulnerability in Gadu-Gadu allows remote attackers to read arbitrary files via .. | 5.0 |
| 2005-01-10 | CVE-2004-1230 | Information Disclosure vulnerability in Gadu-Gadu Instant Messenger Gadu-Gadu allows remote attackers to gain sensitive information and read files from the _cache directory of other users via a DCC connection and a CTCP packet that contains a 1 as the type and a 4 as the subtype. | 5.0 |
| 2004-12-31 | CVE-2004-2529 | Remote vulnerability in Gadu-Gadu Gadu-Gadu allows remote attackers to bypass the "image send" option by sending a very small image file, which could be used in conjunction with image-related vulnerabilities. | 5.0 |
| 2004-12-31 | CVE-2004-1414 | Denial-Of-Service vulnerability in Gadu-Gadu Instant Messenger 6.1Build156 Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of service (application hang) via a message that contains many special strings that are converted to images. | 5.0 |