Searching chat software vulnerabilities

Buffer overflow in Melange Chat System 1.10 all

overflow | Melange | System | Buffer | Chat |

Buffer overflow in Melange Chat System 1.10 allows remote attackers to cause a denial of service (chat server crash) and possibly execute arbitrary code via the msgText buffer in the chat_InterpretData function, as demonstrated via a long Nick (nickname) request.


ParaChat Server 4.0 does not log users off if t

repeatedly | browser's | attackers | different | ParaChat | logging | service | invalid | hitting | remote | denial | Server | allows | button | which | users | fills | cause | then | room | user | same | does | back | used | chat | into | log | off | not |

ParaChat Server 4.0 does not log users off if the browser's back button is used, which allows remote attackers to cause a denial of service by repeatedly logging into a chat room, hitting the back button, then logging into the same chat room as a different user, which fills the chat room with invalid users.


Buffer overflow in the Yahoo! Audio Conferencin

Conferencing | overflow | Buffer | Audio | Yahoo |

Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat.


Unichat allows remote attackers to cause a deni

attackers | Unichat | service | denial | allows | remote | cause |

Unichat allows remote attackers to cause a denial of service (crash) by adding extra chat characters (avatars) and logging in to a chat room, as demonstrated using duplicate ACTOR entries in u2res000.rit.


Webbsyte Chat 0.9.0 allows remote attackers to

Webbsyte | Chat |

Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of service (crash) via a large number of connections.


Bird Chat 1.61 allows remote attackers to cause

Chat | Bird |

Bird Chat 1.61 allows remote attackers to cause a denial of service (crash) via invalid users.


Multiple buffer overflows in Gyach Enhanced (Gy

overflows | Enhanced | Multiple | buffer | Gyach |

Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) sending certain typing statuses or (2) setting the chat room status bar to the current chat room name.


Adventia Chat 3.1 and Server Pro 3.0 allows rem

cross-site | vulnerable | arbitrary | attackers | scripting | Adventia | leaves | script | remote | allows | inject | Server | other | users | which | space | Chat | HTML | into | web | Pro |

Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting (XSS) attacks.


WebcamXP PRO v2.16.468 and earlier allows remot

attackers | properly | prevents | WebcamXP | rendered | service | v216468 | earlier | display | remote | allows | denial | takes | space | which | being | frame | cause | chat | long | name | much | PRO | via | too |

WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a denial of service via a long chat name, which takes up too much display space and prevents the chat frame from being properly rendered.


TCP Chat 1.0 allows remote attackers to cause a

attackers | service | denial | remote | allows | cause | Chat | TCP |

TCP Chat 1.0 allows remote attackers to cause a denial of service (crash) via a long string to the chat service, possibly triggering a buffer overflow.


ATutor 1.5.1, and possibly earlier versions, st

ATutor |

ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files.


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as , which are processed by Internet Explorer.


SleeperChat 0.3f and earlier allows remote atta

authentication | SleeperChat | attackers | parameter | earlier | entries | create | allows | remote | bypass | txt | 03f | new | via |

SleeperChat 0.3f and earlier allows remote attackers to bypass authentication and create new entries via the txt parameter to (1) chat_no.php and (2) chat_if.php.


Mercury Messenger, possibly 1.7.1.1 and other v

Messenger | possibly | Mercury |

Mercury Messenger, possibly 1.7.1.1 and other versions, when running on a multi-user Mac OS X platform, stores chat logs with world-readable permissions within the /Users directory, which allows local users to read the chat logs from other users.


Static code injection vulnerability in chat_pan

vulnerability | chat_panelphp | SimpleChat | injection | Static | code |

Static code injection vulnerability in chat_panel.php in the SimpleChat 1.0.0 module for iWare Professional CMS allows remote attackers to inject arbitrary PHP code into chat_log.php via the msg parameter.


Direct static code injection vulnerability in c

vulnerability | chat/loginphp | injection | Ultimate | Direct | static | Board | code | PHP |

Direct static code injection vulnerability in chat/login.php in Ultimate PHP Board (UPB) 2.0b1 and earlier allows remote attackers to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php.


mycontacts.php in V3 Chat allows remote authent

authenticated | mycontactsphp | membername | privileges | parameter | modified | allows | remote | other | users | Chat | gain | via |

mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP Chat allow remote attackers to inject arbitrary web script or HTML (1) via the psuedo (pseudo) field or (2) during chat.


MOHA Chat 0.1b7 and earlier does not require au

authentication | vectors | require | unknown | earlier | attack | impact | which | does | MOHA | Chat | 01b7 | plug | use | not | has | API |

MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vectors.


Multiple buffer overflows in Doomsday (aka deng

overflows | Doomsday | Multiple | buffer |

Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allow remote attackers to execute arbitrary code via a long chat (PKT_CHAT) message that is not properly handled by the (1) D_NetPlayerEvent function in d_net.c or the (2) Msg_Write function in net_msg.c, or (3) many commands that are not properly handled by the NetSv_ReadCommands function in d_netsv.c; or (4) cause a denial of service (daemon crash) via a chat (PKT_CHAT) message without a final '\0' character.


Software vulnerabilities results 1 to 20 of 89     
Page: 12345