Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chat vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2002-0463
home.php in ARSC (Really Simple Chat) 1.0.1 and previous versions allows remote malicious users to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message.
Arsc Really Simple Chat Arsc Really Simple Chat 1.0.1
Arsc Really Simple Chat Arsc Really Simple Chat 1.0
7.5
CVSSv2
CVE-2006-7011
PHP remote file inclusion vulnerability in adminips.php in Develooping Flash Chat allows remote malicious users to execute arbitrary PHP code via a URL in the banned_file parameter. NOTE: CVE disputes this vulnerability because banned_file is set to a constant value
Develooping Flash Chat 4.6
Develooping Flash Chat 4.5.7
Develooping Flash Chat 4.6.1
NA
CVE-2023-26538
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kamyabsoft Chat Bee plugin <= 1.1.0 versions.
Chat Bee Project Chat Bee
4.3
CVSSv2
CVE-2008-2973
Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in MM Chat 1.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) sitename and (2) wmessage parameters.
Mm Chat Mm Chat 1.5
1 EDB exploit
6.8
CVSSv2
CVE-2008-2974
Directory traversal vulnerability in chatconfig.php in MM Chat 1.5, when register_globals is enabled, allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter.
Mm Chat Mm Chat 1.5
1 EDB exploit
7.5
CVSSv2
CVE-2018-12534
A SQL injection issue exists in the Quick Chat plugin prior to 4.00 for WordPress.
Quick Chat Project Quick Chat
7.5
CVSSv2
CVE-2022-31013
Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function `this.authProvider.verifyAccessKey` is an async function, as the code i...
Chat Server Project Chat Server
2.6
CVSSv2
CVE-2006-3365
V3 Chat allows remote malicious users to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement.
V3 Chat V3 Chat Beta
2.6
CVSSv2
CVE-2006-3366
Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote malicious users to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter i...
V3 Chat V3 Chat Beta
7 EDB exploits
10
CVSSv2
CVE-2007-1394
Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote malicious users to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third pa...
Flat Chat Flat Chat 2.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »