Gadu Gadu
Products (2)
- 18 CVEs
- 18 CVEs
Recent CVEs (20)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-1410 | | | 0.03 | — | 0.02 | | Dec 31, 2004 | Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing error message, a different vulnerability than CVE-2004-1229. |
| CVE-2004-2530 | | | 0.03 | — | 0.02 | | Dec 31, 2004 | Visual truncation vulnerability in Gadu-Gadu allows remote attackers to spoof the file extension on transmitted files via a filename with a large number of spaces followed by the real extension, which is not displayed in the dialog box. |
| CVE-2007-6411 | | | 0.00 | — | 0.04 | | Dec 17, 2007 | Multiple buffer overflows in the HandleEmotsConfig function in the GG Client in Gadu-Gadu 7.7 Build 3669 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (gg.exe process crash) via a long string in an emots.txt file. |
| CVE-2007-6409 | | | 0.00 | — | 0.01 | | Dec 17, 2007 | The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which allows remote attackers to cause a denial of service (resource consumption) via unspecified network traffic. |
| CVE-2007-6410 | | | 0.00 | — | 0.00 | | Dec 17, 2007 | Gadu-Gadu does not properly perform protocol handling, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and add arbitrary user accounts or cause a denial of service as administrators via an unspecified "crafted link," possibly related to the gg… |
| CVE-2005-3889 | | | 0.00 | — | 0.02 | | Nov 29, 2005 | Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code of 6 or 7, which triggers a large number of popup windows to the user and creates a large number of threads. |
| CVE-2005-3891 | | | 0.00 | — | 0.02 | | Nov 29, 2005 | Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash) via an image filename between exactly 192 to 200 characters, which does not account for the "imgcache\" string that is added to the end of the buffer. |
| CVE-2005-3890 | | | 0.00 | — | 0.02 | | Nov 29, 2005 | Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash and configuration loss) via a page with a large number of gg: URIs. |
| CVE-2005-3888 | | | 0.00 | — | 0.02 | | Nov 29, 2005 | Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code other than 2 and a large size field, which allocates memory for the packet but does not free it after the packet has been dropped. |
| CVE-2005-3892 | | | 0.00 | — | 0.01 | | Nov 29, 2005 | Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a web page that accesses the EasycallLite.oce ActiveX control, which can initiate an outgoing phone call and listen to the microphone. |
| CVE-2005-3887 | | | 0.00 | — | 0.02 | | Nov 29, 2005 | Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenames, which allows remote attackers to (1) cause a denial of service (hang) via an image filename of AUX: sent twice (hang), or (2) write to the LPT1 port via a filename of "LPT1:". |
| CVE-2004-1229 | | | 0.00 | — | 0.02 | | Jan 10, 2005 | Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arbitrary web script or HTML via (1) http:// or (2) news:// URLs, a different vulnerability than CVE-2004-1410. |
| CVE-2004-1233 | | | 0.00 | — | 0.02 | | Jan 10, 2005 | Integer overflow in Gadu-Gadu allows remote attackers to cause a denial of service (disk consumption) via a user packet to the DCC file transfer capability with an invalid file length. |
| CVE-2004-1231 | | | 0.00 | — | 0.02 | | Jan 10, 2005 | Directory traversal vulnerability in Gadu-Gadu allows remote attackers to read arbitrary files via .. (dot dot) sequences in a DCC connection with a CTCP packet that contains a 1 as the type and a 4 as the subtype. |
| CVE-2004-1230 | | | 0.00 | — | 0.01 | | Jan 10, 2005 | Gadu-Gadu allows remote attackers to gain sensitive information and read files from the _cache directory of other users via a DCC connection and a CTCP packet that contains a 1 as the type and a 4 as the subtype. |
| CVE-2004-1232 | | | 0.00 | — | 0.06 | | Jan 10, 2005 | Stack-based buffer overflow in the code that sends images in Gadu-Gadu allows remote attackers to execute arbitrary code via a large image filename. |
| CVE-2004-1411 | | | 0.00 | — | 0.01 | | Dec 31, 2004 | Gadu-Gadu build 155 and earlier allows remote attackers to cause a denial of service (infinite loop) via a message that contains an image whose filename does not start with restricted characters. |
| CVE-2004-2529 | | | 0.00 | — | 0.02 | | Dec 31, 2004 | Gadu-Gadu allows remote attackers to bypass the "image send" option by sending a very small image file, which could be used in conjunction with image-related vulnerabilities. |
| CVE-2004-1414 | | | 0.00 | — | 0.01 | | Dec 31, 2004 | Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of service (application hang) via a message that contains many special strings that are converted to images. |
| CVE-2004-1676 | | | 0.00 | — | 0.03 | | Sep 12, 2004 | Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6.0 build 149 allows remote attackers to execute arbitrary code via a crafted GG_MSG_IMAGE_REPLY message. |