Vulnerabilites related to ipswitch - imserver
Vulnerability from fkie_nvd
Published
2007-07-24 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a destructor, as reachable by the (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, and (4) DoAttachAudioReceiver functions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ipswitch | imserver | 2.0.5.30 | |
| ipswitch | ipswitch_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ipswitch:imserver:2.0.5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "C4C3FE76-66E3-4758-8110-D065A46C7444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4029080C-ABDC-411F-9834-1670C85F3F89",
"versionEndIncluding": "2.07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a destructor, as reachable by the (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, and (4) DoAttachAudioReceiver functions."
},
{
"lang": "es",
"value": "El IM Server (tambi\u00e9n conocido como a IMserve or IMserver) 2.0.5.30 y probablemente versiones anteriores en Ipswitch Instant Messaging versiones anteriores a 2.07 en Ipswitch Collaboration Suite (ICS) permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de demonio) mediante determinados datos al puerto TCP 5179 que sobre-escribe un destructor, como se puede reproducir con las funciones (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, y (4) DoAttachAudioReceiver"
}
],
"id": "CVE-2007-3959",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-07-24T18:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=566"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26154"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.ipswitch.com/support/instant_messaging/patch-upgrades.asp"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25031"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018440"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.ipswitch.com/support/instant_messaging/patch-upgrades.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2621"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-02-25 21:44
Modified
2025-04-09 00:30
Severity ?
Summary
Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ipswitch | imserver | * | |
| ipswitch | instant_messaging | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ipswitch:imserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37107C28-9B74-4C67-8A0D-E746647C34FF",
"versionEndIncluding": "2.0.8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:instant_messaging:*:*:*:*:*:*:*:*",
"matchCriteriaId": "063110BD-F65A-48F8-BD75-54CA1E370D24",
"versionEndIncluding": "2.0.8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field."
},
{
"lang": "es",
"value": "Vulnerabilidad de formato de cadena en la funci\u00f3n de inicio de sesi\u00f3n de IM Server (tambi\u00e9n conocido como IMserve or IMserver) en Ipswitch Instant Messaging (IM) 2.0.8.1 y anteriores permite a usuarios autentificados remotamente provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) y posiblemente tener otros impactos sin identificar a trav\u00e9s de especificadores de formato de cadena en un campo de una direcci\u00f3n IP."
}
],
"id": "CVE-2008-0945",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-02-25T21:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://aluigi.altervista.org/adv/ipsimene-adv.txt"
},
{
"source": "cve@mitre.org",
"url": "http://aluigi.org/poc/ipsimene.zip"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28824"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3697"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487748/100/200/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aluigi.altervista.org/adv/ipsimene-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aluigi.org/poc/ipsimene.zip"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487748/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27677"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-02-25 21:44
Modified
2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ipswitch | imserver | * | |
| ipswitch | instant_messaging | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ipswitch:imserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37107C28-9B74-4C67-8A0D-E746647C34FF",
"versionEndIncluding": "2.0.8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:instant_messaging:*:*:*:*:*:*:*:*",
"matchCriteriaId": "063110BD-F65A-48F8-BD75-54CA1E370D24",
"versionEndIncluding": "2.0.8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en IM Server (tambi\u00e9n conocido como IMserve o IMserver) de Ipswitch Instant Messaging (IM) 2.0.8.1 y anteriores permite a usuarios autentificados remotamente crear archivos vac\u00edos de su elecci\u00f3n a trav\u00e9s de .. (punto punto) en el campo receptor."
}
],
"id": "CVE-2008-0946",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-02-25T21:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/ipsimene-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.org/poc/ipsimene.zip"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3697"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487748/100/200/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/ipsimene-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.org/poc/ipsimene.zip"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487748/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27677"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-200707-0144
Vulnerability from variot
The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a destructor, as reachable by the (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, and (4) DoAttachAudioReceiver functions. (1) DoAttachVideoSender function (2) DoAttachVideoReceiver function (3) DoAttachAudioSender function (4) DoAttachAudioReceiver function. Ipswitch Instant Messaging Server is prone to a remote denial-of-service vulnerability because the application fails to properly handle unexpected network data. Successfully exploiting this issue allows remote attackers to crash the IM service, denying further instant messages for legitimate users. Ipswitch IM Server 2.0.5.30 is vulnerable; other versions may also be affected. Ipswitch Instant Messaging is the instant messaging software bundled in the Ipswitch collaboration component. The vulnerable code can be reached through the following functions: DoAttachVideoSender DoAttachVideoReceiver DoAttachAudioSender DoAttachAudioReceiver.
Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications.
The vulnerability is reported in version 2.0.5.30.
SOLUTION: Update to version 2.0.7. http://www.ipswitch.com/support/instant_messaging/patch-upgrades.asp
PROVIDED AND/OR DISCOVERED BY: Discovered by an anonymous researcher and reported via iDefense.
ORIGINAL ADVISORY: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=566
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "imserver",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "2.0.5.30"
},
{
"_id": null,
"model": "collaboration suite",
"scope": "lte",
"trust": 1.0,
"vendor": "ipswitch",
"version": "2.07"
},
{
"_id": null,
"model": "imserver",
"scope": "lte",
"trust": 0.8,
"vendor": "ipswitch",
"version": "2.0.5.30"
},
{
"_id": null,
"model": "collaboration suite",
"scope": "lt",
"trust": 0.8,
"vendor": "ipswitch",
"version": "2.07"
},
{
"_id": null,
"model": "collaboration suite",
"scope": "eq",
"trust": 0.6,
"vendor": "ipswitch",
"version": "2.07"
},
{
"_id": null,
"model": "instant messenger",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2.0.5.30"
},
{
"_id": null,
"model": "instant messenger",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2.07"
}
],
"sources": [
{
"db": "BID",
"id": "25031"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004173"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-408"
},
{
"db": "NVD",
"id": "CVE-2007-3959"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ipswitch:imserver",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ipswitch:ipswitch_collaboration_suite",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004173"
}
]
},
"credits": {
"_id": null,
"data": "iDEFENSE",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-408"
}
],
"trust": 0.6
},
"cve": "CVE-2007-3959",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2007-3959",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-27321",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-3959",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2007-3959",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200707-408",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-27321",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27321"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004173"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-408"
},
{
"db": "NVD",
"id": "CVE-2007-3959"
}
]
},
"description": {
"_id": null,
"data": "The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a destructor, as reachable by the (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, and (4) DoAttachAudioReceiver functions. (1) DoAttachVideoSender function (2) DoAttachVideoReceiver function (3) DoAttachAudioSender function (4) DoAttachAudioReceiver function. Ipswitch Instant Messaging Server is prone to a remote denial-of-service vulnerability because the application fails to properly handle unexpected network data. \nSuccessfully exploiting this issue allows remote attackers to crash the IM service, denying further instant messages for legitimate users. \nIpswitch IM Server 2.0.5.30 is vulnerable; other versions may also be affected. Ipswitch Instant Messaging is the instant messaging software bundled in the Ipswitch collaboration component. The vulnerable code can be reached through the following functions: DoAttachVideoSender DoAttachVideoReceiver DoAttachAudioSender DoAttachAudioReceiver. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Full Featured Secunia Network Software Inspector (NSI) is now\navailable:\nhttp://secunia.com/network_software_inspector/\n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\nThe vulnerability is reported in version 2.0.5.30. \n\nSOLUTION:\nUpdate to version 2.0.7. \nhttp://www.ipswitch.com/support/instant_messaging/patch-upgrades.asp\n\nPROVIDED AND/OR DISCOVERED BY:\nDiscovered by an anonymous researcher and reported via iDefense. \n\nORIGINAL ADVISORY:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=566\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3959"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004173"
},
{
"db": "BID",
"id": "25031"
},
{
"db": "VULHUB",
"id": "VHN-27321"
},
{
"db": "PACKETSTORM",
"id": "57984"
}
],
"trust": 2.07
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2007-3959",
"trust": 2.8
},
{
"db": "BID",
"id": "25031",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "26154",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1018440",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-2621",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004173",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200707-408",
"trust": 0.7
},
{
"db": "IDEFENSE",
"id": "20070723 IPSWITCH INSTANT MESSAGING SERVER DENIAL OF SERVICE VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-27321",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "57984",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27321"
},
{
"db": "BID",
"id": "25031"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004173"
},
{
"db": "PACKETSTORM",
"id": "57984"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-408"
},
{
"db": "NVD",
"id": "CVE-2007-3959"
}
]
},
"id": "VAR-200707-0144",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-27321"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:03:52.914000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Instant Messaging",
"trust": 0.8,
"url": "http://www.imailserver.com/products/ipswitch-instant-messaging/iim-support/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004173"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3959"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.1,
"url": "http://www.ipswitch.com/support/instant_messaging/patch-upgrades.asp"
},
{
"trust": 2.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=566"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/25031"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1018440"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26154"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/2621"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3959"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3959"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/2621"
},
{
"trust": 0.3,
"url": "/archive/1/474469"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/network_software_inspector/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26154/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14854/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5167/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27321"
},
{
"db": "BID",
"id": "25031"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004173"
},
{
"db": "PACKETSTORM",
"id": "57984"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-408"
},
{
"db": "NVD",
"id": "CVE-2007-3959"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-27321",
"ident": null
},
{
"db": "BID",
"id": "25031",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004173",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "57984",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200707-408",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2007-3959",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2007-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-27321",
"ident": null
},
{
"date": "2007-07-23T00:00:00",
"db": "BID",
"id": "25031",
"ident": null
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004173",
"ident": null
},
{
"date": "2007-07-25T01:41:12",
"db": "PACKETSTORM",
"id": "57984",
"ident": null
},
{
"date": "2007-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-408",
"ident": null
},
{
"date": "2007-07-24T18:30:00",
"db": "NVD",
"id": "CVE-2007-3959",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2011-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-27321",
"ident": null
},
{
"date": "2015-05-07T17:36:00",
"db": "BID",
"id": "25031",
"ident": null
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004173",
"ident": null
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-408",
"ident": null
},
{
"date": "2024-11-21T00:34:27.860000",
"db": "NVD",
"id": "CVE-2007-3959",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-408"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "ICS of Ipswitch Instant Messaging of IM Server Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004173"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-408"
}
],
"trust": 0.6
}
}
var-200802-0085
Vulnerability from variot
Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field. Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or overwrite files with arbitrary content. These issues affect Ipswitch Instant Messaging 2.0.8.1; other versions may also be affected. Remote authentication users can create arbitrary empty files with ".." in the message receiver field
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200802-0085",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imserver",
"scope": "lte",
"trust": 1.8,
"vendor": "ipswitch",
"version": "2.0.8.1"
},
{
"model": "instant messaging",
"scope": "lte",
"trust": 1.8,
"vendor": "ipswitch",
"version": "2.0.8.1"
},
{
"model": "instant messaging",
"scope": "eq",
"trust": 0.9,
"vendor": "ipswitch",
"version": "2.0.8.1"
},
{
"model": "imserver",
"scope": "eq",
"trust": 0.6,
"vendor": "ipswitch",
"version": "2.0.8.1"
}
],
"sources": [
{
"db": "BID",
"id": "27677"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004154"
},
{
"db": "CNNVD",
"id": "CNNVD-200802-454"
},
{
"db": "NVD",
"id": "CVE-2008-0946"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ipswitch:imserver",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ipswitch:instant_messaging",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004154"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma is credited with discovering these vulnerabilities.",
"sources": [
{
"db": "BID",
"id": "27677"
}
],
"trust": 0.3
},
"cve": "CVE-2008-0946",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CVE-2008-0946",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-31071",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-0946",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2008-0946",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200802-454",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-31071",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31071"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004154"
},
{
"db": "CNNVD",
"id": "CNNVD-200802-454"
},
{
"db": "NVD",
"id": "CVE-2008-0946"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field. \nAttackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or overwrite files with arbitrary content. \nThese issues affect Ipswitch Instant Messaging 2.0.8.1; other versions may also be affected. Remote authentication users can create arbitrary empty files with \"..\" in the message receiver field",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0946"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004154"
},
{
"db": "BID",
"id": "27677"
},
{
"db": "VULHUB",
"id": "VHN-31071"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-0946",
"trust": 2.8
},
{
"db": "BID",
"id": "27677",
"trust": 2.0
},
{
"db": "SREASON",
"id": "3697",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004154",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20080207 MULTIPLE VULNERABILITIES IN IPSWITCH INSTANT MESSAGING 2.0.8.1",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200802-454",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-31071",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31071"
},
{
"db": "BID",
"id": "27677"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004154"
},
{
"db": "CNNVD",
"id": "CNNVD-200802-454"
},
{
"db": "NVD",
"id": "CVE-2008-0946"
}
]
},
"id": "VAR-200802-0085",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-31071"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:03:41.980000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Instant Messaging",
"trust": 0.8,
"url": "http://www.imailserver.com/products/ipswitch-instant-messaging/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004154"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31071"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004154"
},
{
"db": "NVD",
"id": "CVE-2008-0946"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/27677"
},
{
"trust": 1.7,
"url": "http://aluigi.altervista.org/adv/ipsimene-adv.txt"
},
{
"trust": 1.7,
"url": "http://aluigi.org/poc/ipsimene.zip"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/3697"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/487748/100/200/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0946"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0946"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/487748/100/200/threaded"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/instant_messaging"
},
{
"trust": 0.3,
"url": "/archive/1/487748"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31071"
},
{
"db": "BID",
"id": "27677"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004154"
},
{
"db": "CNNVD",
"id": "CNNVD-200802-454"
},
{
"db": "NVD",
"id": "CVE-2008-0946"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-31071"
},
{
"db": "BID",
"id": "27677"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004154"
},
{
"db": "CNNVD",
"id": "CNNVD-200802-454"
},
{
"db": "NVD",
"id": "CVE-2008-0946"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-02-25T00:00:00",
"db": "VULHUB",
"id": "VHN-31071"
},
{
"date": "2008-02-07T00:00:00",
"db": "BID",
"id": "27677"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004154"
},
{
"date": "2008-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200802-454"
},
{
"date": "2008-02-25T21:44:00",
"db": "NVD",
"id": "CVE-2008-0946"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-31071"
},
{
"date": "2016-07-06T14:17:00",
"db": "BID",
"id": "27677"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004154"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200802-454"
},
{
"date": "2024-11-21T00:43:17.330000",
"db": "NVD",
"id": "CVE-2008-0946"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200802-454"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IM of IM Server Vulnerable to directory traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004154"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200802-454"
}
],
"trust": 0.6
}
}
var-200802-0084
Vulnerability from variot
Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field. Ipswitch Instant Messaging is prone to multiple security vulnerabilities, including a denial-of-service vulnerability, a format-string vulnerability, and a vulnerability that allows attackers to overwrite arbitrary files. Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or overwrite files with arbitrary content. These issues affect Ipswitch Instant Messaging 2.0.8.1; other versions may also be affected.
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: Ipswitch Instant Messaging IMServer Denial of Service
SECUNIA ADVISORY ID: SA28824
VERIFY ADVISORY: http://secunia.com/advisories/28824/
CRITICAL: Moderately critical
IMPACT: DoS
WHERE:
From remote
SOFTWARE: Ipswitch Instant Messaging 2.x http://secunia.com/product/14854/ Ipswitch Collaboration Suite (ICS) 2.x http://secunia.com/product/5167/
DESCRIPTION: Luigi Auriemma has discovered a vulnerability in Ipswitch Instant Messaging, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the IMServer service (IMServer.exe) and can be exploited to crash the service via a specially crafted packet sent to default port 5177/TCP.
NOTE: Other errors have also been reported e.g. a format-string error in the logging function.
The vulnerability is confirmed in version 2.08 and is also reported to affect the IM clients.
SOLUTION: Use in a trusted network environment only.
PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma
ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/ipsimene-adv.txt
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200802-0084",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imserver",
"scope": "lte",
"trust": 1.8,
"vendor": "ipswitch",
"version": "2.0.8.1"
},
{
"model": "instant messaging",
"scope": "lte",
"trust": 1.8,
"vendor": "ipswitch",
"version": "2.0.8.1"
},
{
"model": "instant messaging",
"scope": "eq",
"trust": 0.9,
"vendor": "ipswitch",
"version": "2.0.8.1"
},
{
"model": "imserver",
"scope": "eq",
"trust": 0.6,
"vendor": "ipswitch",
"version": "2.0.8.1"
}
],
"sources": [
{
"db": "BID",
"id": "27677"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004153"
},
{
"db": "CNNVD",
"id": "CNNVD-200802-453"
},
{
"db": "NVD",
"id": "CVE-2008-0945"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ipswitch:imserver",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ipswitch:instant_messaging",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004153"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma is credited with discovering these vulnerabilities.",
"sources": [
{
"db": "BID",
"id": "27677"
}
],
"trust": 0.3
},
"cve": "CVE-2008-0945",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2008-0945",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-31070",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-0945",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2008-0945",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-200802-453",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-31070",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31070"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004153"
},
{
"db": "CNNVD",
"id": "CNNVD-200802-453"
},
{
"db": "NVD",
"id": "CVE-2008-0945"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field. Ipswitch Instant Messaging is prone to multiple security vulnerabilities, including a denial-of-service vulnerability, a format-string vulnerability, and a vulnerability that allows attackers to overwrite arbitrary files. \nAttackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or overwrite files with arbitrary content. \nThese issues affect Ipswitch Instant Messaging 2.0.8.1; other versions may also be affected. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nIpswitch Instant Messaging IMServer Denial of Service\n\nSECUNIA ADVISORY ID:\nSA28824\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28824/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nIpswitch Instant Messaging 2.x\nhttp://secunia.com/product/14854/\nIpswitch Collaboration Suite (ICS) 2.x\nhttp://secunia.com/product/5167/\n\nDESCRIPTION:\nLuigi Auriemma has discovered a vulnerability in Ipswitch Instant\nMessaging, which can be exploited by malicious people to cause a DoS\n(Denial of Service). \n\nThe vulnerability is caused due to an error in the IMServer service\n(IMServer.exe) and can be exploited to crash the service via a\nspecially crafted packet sent to default port 5177/TCP. \n\nNOTE: Other errors have also been reported e.g. a format-string error\nin the logging function. \n\nThe vulnerability is confirmed in version 2.08 and is also reported\nto affect the IM clients. \n\nSOLUTION:\nUse in a trusted network environment only. \n\nPROVIDED AND/OR DISCOVERED BY:\nLuigi Auriemma\n\nORIGINAL ADVISORY:\nhttp://aluigi.altervista.org/adv/ipsimene-adv.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0945"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004153"
},
{
"db": "BID",
"id": "27677"
},
{
"db": "VULHUB",
"id": "VHN-31070"
},
{
"db": "PACKETSTORM",
"id": "63425"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-0945",
"trust": 2.8
},
{
"db": "BID",
"id": "27677",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "28824",
"trust": 1.8
},
{
"db": "SREASON",
"id": "3697",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004153",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20080207 MULTIPLE VULNERABILITIES IN IPSWITCH INSTANT MESSAGING 2.0.8.1",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200802-453",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-31070",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "63425",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31070"
},
{
"db": "BID",
"id": "27677"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004153"
},
{
"db": "PACKETSTORM",
"id": "63425"
},
{
"db": "CNNVD",
"id": "CNNVD-200802-453"
},
{
"db": "NVD",
"id": "CVE-2008-0945"
}
]
},
"id": "VAR-200802-0084",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-31070"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:03:42.012000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Instant Messaging",
"trust": 0.8,
"url": "http://www.imailserver.com/products/ipswitch-instant-messaging/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004153"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-134",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004153"
},
{
"db": "NVD",
"id": "CVE-2008-0945"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://aluigi.altervista.org/adv/ipsimene-adv.txt"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/27677"
},
{
"trust": 1.7,
"url": "http://aluigi.org/poc/ipsimene.zip"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/28824"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/3697"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/487748/100/200/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0945"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0945"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/487748/100/200/threaded"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/instant_messaging"
},
{
"trust": 0.3,
"url": "/archive/1/487748"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28824/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14854/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5167/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31070"
},
{
"db": "BID",
"id": "27677"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004153"
},
{
"db": "PACKETSTORM",
"id": "63425"
},
{
"db": "CNNVD",
"id": "CNNVD-200802-453"
},
{
"db": "NVD",
"id": "CVE-2008-0945"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-31070"
},
{
"db": "BID",
"id": "27677"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004153"
},
{
"db": "PACKETSTORM",
"id": "63425"
},
{
"db": "CNNVD",
"id": "CNNVD-200802-453"
},
{
"db": "NVD",
"id": "CVE-2008-0945"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-02-25T00:00:00",
"db": "VULHUB",
"id": "VHN-31070"
},
{
"date": "2008-02-07T00:00:00",
"db": "BID",
"id": "27677"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004153"
},
{
"date": "2008-02-09T00:15:54",
"db": "PACKETSTORM",
"id": "63425"
},
{
"date": "2008-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200802-453"
},
{
"date": "2008-02-25T21:44:00",
"db": "NVD",
"id": "CVE-2008-0945"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-31070"
},
{
"date": "2016-07-06T14:17:00",
"db": "BID",
"id": "27677"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004153"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200802-453"
},
{
"date": "2024-11-21T00:43:17.180000",
"db": "NVD",
"id": "CVE-2008-0945"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200802-453"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IM of IM Server of logging Format string vulnerability in functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004153"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "format string",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200802-453"
}
],
"trust": 0.6
}
}
CVE-2008-0946 (GCVE-0-2008-0946)
Vulnerability from cvelistv5
Published
2008-02-25 21:00
Modified
2024-08-07 08:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field.
References
| ▼ | URL | Tags |
|---|---|---|
| http://aluigi.altervista.org/adv/ipsimene-adv.txt | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/487748/100/200/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/27677 | vdb-entry, x_refsource_BID | |
| http://securityreason.com/securityalert/3697 | third-party-advisory, x_refsource_SREASON | |
| http://aluigi.org/poc/ipsimene.zip | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/ipsimene-adv.txt"
},
{
"name": "20080207 Multiple vulnerabilities in Ipswitch Instant Messaging 2.0.8.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487748/100/200/threaded"
},
{
"name": "27677",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27677"
},
{
"name": "3697",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3697"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.org/poc/ipsimene.zip"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/ipsimene-adv.txt"
},
{
"name": "20080207 Multiple vulnerabilities in Ipswitch Instant Messaging 2.0.8.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487748/100/200/threaded"
},
{
"name": "27677",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27677"
},
{
"name": "3697",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3697"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.org/poc/ipsimene.zip"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/ipsimene-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/ipsimene-adv.txt"
},
{
"name": "20080207 Multiple vulnerabilities in Ipswitch Instant Messaging 2.0.8.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487748/100/200/threaded"
},
{
"name": "27677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27677"
},
{
"name": "3697",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3697"
},
{
"name": "http://aluigi.org/poc/ipsimene.zip",
"refsource": "MISC",
"url": "http://aluigi.org/poc/ipsimene.zip"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0946",
"datePublished": "2008-02-25T21:00:00",
"dateReserved": "2008-02-25T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0945 (GCVE-0-2008-0945)
Vulnerability from cvelistv5
Published
2008-02-25 21:00
Modified
2024-08-07 08:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field.
References
| ▼ | URL | Tags |
|---|---|---|
| http://aluigi.altervista.org/adv/ipsimene-adv.txt | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/487748/100/200/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/27677 | vdb-entry, x_refsource_BID | |
| http://securityreason.com/securityalert/3697 | third-party-advisory, x_refsource_SREASON | |
| http://aluigi.org/poc/ipsimene.zip | x_refsource_MISC | |
| http://secunia.com/advisories/28824 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/ipsimene-adv.txt"
},
{
"name": "20080207 Multiple vulnerabilities in Ipswitch Instant Messaging 2.0.8.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487748/100/200/threaded"
},
{
"name": "27677",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27677"
},
{
"name": "3697",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3697"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.org/poc/ipsimene.zip"
},
{
"name": "28824",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28824"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/ipsimene-adv.txt"
},
{
"name": "20080207 Multiple vulnerabilities in Ipswitch Instant Messaging 2.0.8.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487748/100/200/threaded"
},
{
"name": "27677",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27677"
},
{
"name": "3697",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3697"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.org/poc/ipsimene.zip"
},
{
"name": "28824",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28824"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/ipsimene-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/ipsimene-adv.txt"
},
{
"name": "20080207 Multiple vulnerabilities in Ipswitch Instant Messaging 2.0.8.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487748/100/200/threaded"
},
{
"name": "27677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27677"
},
{
"name": "3697",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3697"
},
{
"name": "http://aluigi.org/poc/ipsimene.zip",
"refsource": "MISC",
"url": "http://aluigi.org/poc/ipsimene.zip"
},
{
"name": "28824",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28824"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0945",
"datePublished": "2008-02-25T21:00:00",
"dateReserved": "2008-02-25T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3959 (GCVE-0-2007-3959)
Vulnerability from cvelistv5
Published
2007-07-24 18:00
Modified
2024-08-07 14:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a destructor, as reachable by the (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, and (4) DoAttachAudioReceiver functions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ipswitch.com/support/instant_messaging/patch-upgrades.asp | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2007/2621 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/25031 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/26154 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1018440 | vdb-entry, x_refsource_SECTRACK | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=566 | third-party-advisory, x_refsource_IDEFENSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:05.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ipswitch.com/support/instant_messaging/patch-upgrades.asp"
},
{
"name": "ADV-2007-2621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2621"
},
{
"name": "25031",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25031"
},
{
"name": "26154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26154"
},
{
"name": "1018440",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018440"
},
{
"name": "20070723 Ipswitch Instant Messaging Server Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=566"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a destructor, as reachable by the (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, and (4) DoAttachAudioReceiver functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ipswitch.com/support/instant_messaging/patch-upgrades.asp"
},
{
"name": "ADV-2007-2621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2621"
},
{
"name": "25031",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25031"
},
{
"name": "26154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26154"
},
{
"name": "1018440",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018440"
},
{
"name": "20070723 Ipswitch Instant Messaging Server Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=566"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a destructor, as reachable by the (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, and (4) DoAttachAudioReceiver functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ipswitch.com/support/instant_messaging/patch-upgrades.asp",
"refsource": "CONFIRM",
"url": "http://www.ipswitch.com/support/instant_messaging/patch-upgrades.asp"
},
{
"name": "ADV-2007-2621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2621"
},
{
"name": "25031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25031"
},
{
"name": "26154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26154"
},
{
"name": "1018440",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018440"
},
{
"name": "20070723 Ipswitch Instant Messaging Server Denial of Service Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=566"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3959",
"datePublished": "2007-07-24T18:00:00",
"dateReserved": "2007-07-24T00:00:00",
"dateUpdated": "2024-08-07T14:37:05.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}