Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chat vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2002-0463
home.php in ARSC (Really Simple Chat) 1.0.1 and previous versions allows remote malicious users to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message.
Arsc Really Simple Chat Arsc Really Simple Chat 1.0.1
Arsc Really Simple Chat Arsc Really Simple Chat 1.0
7.5
CVSSv2
CVE-2006-7011
PHP remote file inclusion vulnerability in adminips.php in Develooping Flash Chat allows remote malicious users to execute arbitrary PHP code via a URL in the banned_file parameter. NOTE: CVE disputes this vulnerability because banned_file is set to a constant value
Develooping Flash Chat 4.6
Develooping Flash Chat 4.5.7
Develooping Flash Chat 4.6.1
5
CVSSv2
CVE-2019-14367
Slack-Chat up to and including 1.5.5 leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.).
Slack-chat Project Slack-chat
7.5
CVSSv2
CVE-2018-12534
A SQL injection issue exists in the Quick Chat plugin prior to 4.00 for WordPress.
Quick Chat Project Quick Chat
7.5
CVSSv2
CVE-2007-1613
Directory traversal vulnerability in view.php in MPM Chat 2.5 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the logi parameter.
Mpm Chat Mpm Chat 2.5
1 EDB exploit
10
CVSSv2
CVE-2007-1394
Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote malicious users to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third pa...
Flat Chat Flat Chat 2.0
1 EDB exploit
7.5
CVSSv2
CVE-2022-31013
Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function `this.authProvider.verifyAccessKey` is an async function, as the code i...
Chat Server Project Chat Server
2.6
CVSSv2
CVE-2006-3365
V3 Chat allows remote malicious users to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement.
V3 Chat V3 Chat Beta
2.6
CVSSv2
CVE-2006-3366
Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote malicious users to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter i...
V3 Chat V3 Chat Beta
7 EDB exploits
4.3
CVSSv2
CVE-2008-2973
Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in MM Chat 1.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) sitename and (2) wmessage parameters.
Mm Chat Mm Chat 1.5
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »