Penetration Testing mailing list archives
Re: IM exploitable vulnerabilities .. any pointers?
From: "Alice Bryson" <abryson () bytefocus com>
Date: Wed, 5 Jul 2006 09:46:06 +0800
hi, GAIM has been found to be exploitable remotely, although it is a old vulnerability. I wish this information may help you. Gaim, an instant messenger client, contains a number of bugs which may allow an attacker to execute arbitrary code on the remote host. To exploit these bugs, an attacker would need to send malformed instant messages to a user of this host. See CAN-2004-0005, CAN-2004-0006, CAN-2004-0007, CAN-2004-0008 mailto:abryson () bytefocus com http://www.lwang.org 2006/6/29, nikun <nikunh () gmail com>:
PS: sorry for sending it to multiple lists, I want all the information I can collect. Hi Guyz, I am compiling a research paper for exploitable vulnerabilities with instant messengers (not website, only IM ... client side) like yahoo, hotmail, gmail, LCS, sametime, jabber and stuff like that. Does anybody have some good references, mailing lists, urls or papers regarding them. Is anybody working actively in this field? This paper is an episode from a series of papers which talk about alternative entry points for hackers and their counter measures. ummm.. Something like OOB access :-) Thankyou, Nikun ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
-- Have a Good Day ------------------------------------------------------------------------------ This List Sponsored by: CenzicConcerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------
Current thread:
- Re: IM exploitable vulnerabilities .. any pointers? Alice Bryson (Jul 04)
- Skype exploitable vulnerabilities and risks pointers Serge Vondandamo (Jul 12)
- Re: Skype exploitable vulnerabilities and risks pointers Gadi Evron (Jul 12)
- RE: Skype exploitable vulnerabilities and risks pointers Andrew Blair (Jul 12)
- Re: Skype exploitable vulnerabilities and risks pointers Chris Serafin (Jul 12)
- Re: Skype exploitable vulnerabilities and risks pointers Cedric Blancher (Jul 12)
- Re: Skype exploitable vulnerabilities and risks pointers Rubén Díaz Alonso (Jul 12)
- Re: Skype exploitable vulnerabilities and risks pointers freed0m (Jul 12)
- Re: Skype exploitable vulnerabilities and risks pointers Gadi Evron (Jul 12)
- Re: IM exploitable vulnerabilities .. any pointers? Kusuriya (Jul 13)
- Skype exploitable vulnerabilities and risks pointers Serge Vondandamo (Jul 12)