Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chat vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-0463
home.php in ARSC (Really Simple Chat) 1.0.1 and previous versions allows remote malicious users to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message.
Arsc Really Simple Chat Arsc Really Simple Chat 1.0.1
Arsc Really Simple Chat Arsc Really Simple Chat 1.0
NA
CVE-2006-7011
PHP remote file inclusion vulnerability in adminips.php in Develooping Flash Chat allows remote malicious users to execute arbitrary PHP code via a URL in the banned_file parameter. NOTE: CVE disputes this vulnerability because banned_file is set to a constant value
Develooping Flash Chat 4.6
Develooping Flash Chat 4.5.7
Develooping Flash Chat 4.6.1
4.8
CVSSv3
CVE-2023-26538
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kamyabsoft Chat Bee plugin <= 1.1.0 versions.
Chat Bee Project Chat Bee
NA
CVE-2006-7036
PHP remote file inclusion vulnerability in register.php for Andys Chat 4.5 allows remote malicious users to execute arbitrary code via the action parameter. NOTE: this issue was announced by an unreliable researcher, but the vendor is no longer distributing the product, so the or...
Andys Chat Andys Chat 4.5
NA
CVE-2007-1394
Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote malicious users to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third pa...
Flat Chat Flat Chat 2.0
1 EDB exploit
NA
CVE-2006-3365
V3 Chat allows remote malicious users to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement.
V3 Chat V3 Chat Beta
NA
CVE-2006-3366
Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote malicious users to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter i...
V3 Chat V3 Chat Beta
7 EDB exploits
9.8
CVSSv3
CVE-2022-31013
Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function `this.authProvider.verifyAccessKey` is an async function, as the code i...
Chat Server Project Chat Server
NA
CVE-2007-1613
Directory traversal vulnerability in view.php in MPM Chat 2.5 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the logi parameter.
Mpm Chat Mpm Chat 2.5
1 EDB exploit
7.5
CVSSv3
CVE-2019-14367
Slack-Chat up to and including 1.5.5 leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.).
Slack-chat Project Slack-chat
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »