Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chat vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2006-1962
SQL injection vulnerability in PCPIN Chat 5.0.4 and previous versions allows remote malicious users to execute arbitrary SQL commands via the username field (login parameter) to main.php.
Pcpin Pcpin Chat 3.1.6
Pcpin Pcpin Chat 3.1.7r
Pcpin Pcpin Chat 5.0.3
Pcpin Pcpin Chat 5.0.4
Pcpin Pcpin Chat 3.2.3
Pcpin Pcpin Chat 4.0
Pcpin Pcpin Chat 3.1.5
Pcpin Pcpin Chat 5.0.1
Pcpin Pcpin Chat 5.0.2
Pcpin Pcpin Chat 3.2.0
Pcpin Pcpin Chat 3.2.1
5.5
CVSSv2
CVE-2006-1963
Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and previous versions allows remote authenticated users to include and execute arbitrary PHP code via a ".." (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile image ...
Pcpin Pcpin Chat 3.1.7r
Pcpin Pcpin Chat 3.2.0
Pcpin Pcpin Chat 5.0.1
Pcpin Pcpin Chat 5.0.2
Pcpin Pcpin Chat 3.1.5
Pcpin Pcpin Chat 3.1.6
Pcpin Pcpin Chat 5.0.3
Pcpin Pcpin Chat 5.0.4
Pcpin Pcpin Chat 3.2.1
Pcpin Pcpin Chat 3.2.3
Pcpin Pcpin Chat 4.0
6.5
CVSSv2
CVE-2014-8998
lib/message.php in X7 Chat 2.0.0 up to and including 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.
X7chat X7 Chat 2.0.0
X7chat X7 Chat 2.0.2
X7chat X7 Chat 2.0.3
X7chat X7 Chat 2.0.1
X7chat X7 Chat 2.0.5
X7chat X7 Chat 2.0.5.1
X7chat X7 Chat 2.0.4.3
X7chat X7 Chat 2.0.4.4
X7chat X7 Chat 2.0.4
X7chat X7 Chat 2.0.4.1
1 EDB exploit
6.8
CVSSv2
CVE-2012-6047
Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php.
X7 Group X7 Chat 1.3.6
X7 Group X7 Chat 1.3.5b
X7 Group X7 Chat 1.3.4b
X7 Group X7 Chat 1.3.3b
X7 Group X7 Chat
X7 Group X7 Chat 1.1.1b
X7 Group X7 Chat 1.0.0b
X7 Group X7 Chat 2.0.3
X7 Group X7 Chat 2.0.0
X7 Group X7 Chat 1.3.2b
X7 Group X7 Chat 1.3.0b
X7 Group X7 Chat 1.1.2b
X7 Group X7 Chat 2.0.4.4
X7 Group X7 Chat 2.0.2
X7 Group X7 Chat 1.3.1b
X7 Group X7 Chat 1.2.0b
1 EDB exploit
7.5
CVSSv2
CVE-2008-4718
Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and previous versions allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156.
X7 Group X7 Chat 1.3.5b
X7 Group X7 Chat 1.3.4b
X7 Group X7 Chat 1.1.1b
X7 Group X7 Chat 1.0.0b
X7 Group X7 Chat
X7 Group X7 Chat 1.3.1b
X7 Group X7 Chat 1.3.0b
X7 Group X7 Chat 2.0.0
X7 Group X7 Chat 1.3.6
X7 Group X7 Chat 1.2.0b
X7 Group X7 Chat 1.1.2b
X7 Group X7 Chat 1.3.3b
X7 Group X7 Chat 1.3.2b
2 EDB exploits
6.5
CVSSv2
CVE-2012-6554
functions/html_to_text.php in the Chat module prior to 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with th...
A51dev Activecollab Chat Module 1.0
A51dev Activecollab Chat Module 1.5
A51dev Activecollab Chat Module 1.1
A51dev Activecollab Chat Module 1.1.1
A51dev Activecollab Chat Module 1.2
A51dev Activecollab Chat Module 1.3
A51dev Activecollab Chat Module 1.3.2
A51dev Activecollab Chat Module 1.4
A51dev Activecollab Chat Module 1.4.1
A51dev Activecollab Chat Module 1.5.1
1 EDB exploit
5
CVSSv2
CVE-2015-8601
The Chat Room module 7.x-2.x prior to 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote malicious users to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vecto...
Chat Room Project Chat Room 7.x-2.0
Chat Room Project Chat Room 7.x-2.1
4.3
CVSSv2
CVE-2014-4513
Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and previous versions for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parame...
Activehelper Activehelper Livehelp Live Chat
Activehelper Activehelper Livehelp Live Chat 2.6.0
Activehelper Activehelper Livehelp Live Chat 2.9.0
Activehelper Activehelper Livehelp Live Chat 2.7.5
Activehelper Activehelper Livehelp Live Chat 2.7.4
Activehelper Activehelper Livehelp Live Chat 2.7.3
Activehelper Activehelper Livehelp Live Chat 2.7.0
Activehelper Activehelper Livehelp Live Chat 3.0.0
Activehelper Activehelper Livehelp Live Chat 2.9.2
Activehelper Activehelper Livehelp Live Chat 2.6.7
Activehelper Activehelper Livehelp Live Chat 2.6.2
Activehelper Activehelper Livehelp Live Chat 2.9.5
Activehelper Activehelper Livehelp Live Chat 2.9.1
Activehelper Activehelper Livehelp Live Chat 2.6.5
Activehelper Activehelper Livehelp Live Chat 2.6.1
6.4
CVSSv2
CVE-2006-2156
Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and previous versions allows remote malicious users to include arbitrary files via .. (dot dot) sequences in the help_file parameter.
X7 Group X7 Chat 1.3.2b
X7 Group X7 Chat 1.3.3b
X7 Group X7 Chat 1.3.4b
X7 Group X7 Chat 1.3.5b
X7 Group X7 Chat 1.3.6
X7 Group X7 Chat 2.0
1 EDB exploit
NA
CVE-2023-4298
The 123.chat WordPress plugin prior to 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite set...
123.chat 123.chat
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2108
CVE-2024-31061
CVE-2024-25959
CVE-2023-45866
injection
IDOR
memory leak
CVE-2024-1086
CVE-2023-42931
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »