Vulnerability-Lookup - Search a vulnerability

Vulnerability from fkie_nvd

Published

2006-11-07 19:07

Modified

2024-11-21 00:20

Severity ?

Summary

The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/22670	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/1830
cve@mitre.org	http://securitytracker.com/id?1017163
cve@mitre.org	http://www.securityfocus.com/archive/1/450726/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/20930
cve@mitre.org	http://www.vupen.com/english/advisories/2006/4362
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-06-037.html	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/30059
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22670	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/1830
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017163
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/450726/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/20930
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4362
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-06-037.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/30059

Impacted products

	Vendor	Product	Version
	aol	icq	5.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aol:icq:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED88ADE2-841A-4983-AC47-F7039C26F140",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar."
    },
    {
      "lang": "es",
      "value": "El control ActiveX ICQPhone.SipxPhoneManager en America Online ICQ 5.1 permite a atacantes remotos bajar y ejecutar c\u00f3digo de su elecci\u00f3n mediante la funci\u00f3n DownloadAgent, como ha sido demostrado usando un avatar ICQ."
    }
  ],
  "id": "CVE-2006-5650",
  "lastModified": "2024-11-21T00:20:03.770",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-11-07T19:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22670"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/1830"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017163"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/450726/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/20930"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4362"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-037.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22670"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/1830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/450726/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/20930"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4362"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-037.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30059"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2007-04-10 23:19

Modified

2024-11-21 00:29

Severity ?

Summary

Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation.

References

URL	Tags
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=508	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/24747
cve@mitre.org	http://secunia.com/advisories/24803
cve@mitre.org	http://www.securityfocus.com/bid/23391
cve@mitre.org	http://www.securitytracker.com/id?1017890
cve@mitre.org	http://www.securitytracker.com/id?1017891
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1306
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1307
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/33538
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=508	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24747
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24803
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23391
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1017890
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1017891
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1306
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1307
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/33538

Impacted products

	Vendor	Product	Version
	aol	icq	*
	aol	instant_messenger	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aol:icq:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D80B796-50E3-43AF-BFF9-2B221C7F5E1D",
              "versionEndIncluding": "5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aol:instant_messenger:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA96E883-58ED-4D44-AE80-FC544F57634D",
              "versionEndIncluding": "5.9.3861",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en AOL Instant Messenger (AIM) 5.9 y anteriores, e ICQ 5.1 y probablemente anteriores permite a atacantes remotos con la complicidad del usuario mediante secuencias .. (punto punto) en un nombre de fichero en una operaci\u00f3n de transferencia de fichero."
    }
  ],
  "id": "CVE-2007-1904",
  "lastModified": "2024-11-21T00:29:25.843",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-04-10T23:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=508"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24747"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24803"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/23391"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017890"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017891"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1306"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1307"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33538"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=508"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24803"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/23391"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017890"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017891"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33538"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2006-5650

Vulnerability from cvelistv5

Published

2006-11-07 19:00

Modified

2024-08-07 19:55

Severity ?

Summary

The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/30059	vdb-entry, x_refsource_XF
	http://securityreason.com/securityalert/1830	third-party-advisory, x_refsource_SREASON
	http://www.zerodayinitiative.com/advisories/ZDI-06-037.html	x_refsource_MISC
	http://securitytracker.com/id?1017163	vdb-entry, x_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2006/4362	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/archive/1/450726/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/22670	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/20930	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:55:53.901Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "aol-icq-code-execution(30059)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30059"
          },
          {
            "name": "1830",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1830"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-037.html"
          },
          {
            "name": "1017163",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017163"
          },
          {
            "name": "ADV-2006-4362",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4362"
          },
          {
            "name": "20061106 ZDI-06-037: America Online ICQ ActiveX Control Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/450726/100/0/threaded"
          },
          {
            "name": "22670",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22670"
          },
          {
            "name": "20930",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20930"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-11-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "aol-icq-code-execution(30059)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30059"
        },
        {
          "name": "1830",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1830"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-037.html"
        },
        {
          "name": "1017163",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017163"
        },
        {
          "name": "ADV-2006-4362",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4362"
        },
        {
          "name": "20061106 ZDI-06-037: America Online ICQ ActiveX Control Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/450726/100/0/threaded"
        },
        {
          "name": "22670",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22670"
        },
        {
          "name": "20930",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20930"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5650",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "aol-icq-code-execution(30059)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30059"
            },
            {
              "name": "1830",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1830"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-037.html",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-037.html"
            },
            {
              "name": "1017163",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017163"
            },
            {
              "name": "ADV-2006-4362",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4362"
            },
            {
              "name": "20061106 ZDI-06-037: America Online ICQ ActiveX Control Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/450726/100/0/threaded"
            },
            {
              "name": "22670",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22670"
            },
            {
              "name": "20930",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20930"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5650",
    "datePublished": "2006-11-07T19:00:00",
    "dateReserved": "2006-11-02T00:00:00",
    "dateUpdated": "2024-08-07T19:55:53.901Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-1904

Vulnerability from cvelistv5

Published

2007-04-10 23:00

Modified

2024-08-07 13:13

Severity ?

Summary

Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation.

References

▼	URL	Tags
	http://www.securitytracker.com/id?1017890	vdb-entry, x_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilities/33538	vdb-entry, x_refsource_XF
	http://www.vupen.com/english/advisories/2007/1307	vdb-entry, x_refsource_VUPEN
	http://www.securitytracker.com/id?1017891	vdb-entry, x_refsource_SECTRACK
	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=508	third-party-advisory, x_refsource_IDEFENSE
	http://secunia.com/advisories/24803	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/23391	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/24747	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/1306	vdb-entry, x_refsource_VUPEN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:13:41.832Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1017890",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017890"
          },
          {
            "name": "aim-icq-filetransfer-directory-traversal(33538)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33538"
          },
          {
            "name": "ADV-2007-1307",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1307"
          },
          {
            "name": "1017891",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017891"
          },
          {
            "name": "20070409 AOL AIM and ICQ File Transfer Path-Traversal Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=508"
          },
          {
            "name": "24803",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24803"
          },
          {
            "name": "23391",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23391"
          },
          {
            "name": "24747",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24747"
          },
          {
            "name": "ADV-2007-1306",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1306"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1017890",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017890"
        },
        {
          "name": "aim-icq-filetransfer-directory-traversal(33538)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33538"
        },
        {
          "name": "ADV-2007-1307",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1307"
        },
        {
          "name": "1017891",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017891"
        },
        {
          "name": "20070409 AOL AIM and ICQ File Transfer Path-Traversal Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=508"
        },
        {
          "name": "24803",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24803"
        },
        {
          "name": "23391",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23391"
        },
        {
          "name": "24747",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24747"
        },
        {
          "name": "ADV-2007-1306",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1306"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1904",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1017890",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017890"
            },
            {
              "name": "aim-icq-filetransfer-directory-traversal(33538)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33538"
            },
            {
              "name": "ADV-2007-1307",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1307"
            },
            {
              "name": "1017891",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017891"
            },
            {
              "name": "20070409 AOL AIM and ICQ File Transfer Path-Traversal Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=508"
            },
            {
              "name": "24803",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24803"
            },
            {
              "name": "23391",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23391"
            },
            {
              "name": "24747",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24747"
            },
            {
              "name": "ADV-2007-1306",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1306"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1904",
    "datePublished": "2007-04-10T23:00:00",
    "dateReserved": "2007-04-10T00:00:00",
    "dateUpdated": "2024-08-07T13:13:41.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerabilites related to aol - icq

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

cve-2006-5650

Vulnerability from cvelistv5

cve-2007-1904

Vulnerability from cvelistv5