Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chat vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2002-0463
home.php in ARSC (Really Simple Chat) 1.0.1 and previous versions allows remote malicious users to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message.
Arsc Really Simple Chat Arsc Really Simple Chat 1.0.1
Arsc Really Simple Chat Arsc Really Simple Chat 1.0
668
VMScore
CVE-2006-7011
PHP remote file inclusion vulnerability in adminips.php in Develooping Flash Chat allows remote malicious users to execute arbitrary PHP code via a URL in the banned_file parameter. NOTE: CVE disputes this vulnerability because banned_file is set to a constant value
Develooping Flash Chat 4.6
Develooping Flash Chat 4.5.7
Develooping Flash Chat 4.6.1
NA
CVE-2023-26538
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kamyabsoft Chat Bee plugin <= 1.1.0 versions.
Chat Bee Project Chat Bee
668
VMScore
CVE-2022-31013
Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function `this.authProvider.verifyAccessKey` is an async function, as the code i...
Chat Server Project Chat Server
435
VMScore
CVE-2008-2973
Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in MM Chat 1.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) sitename and (2) wmessage parameters.
Mm Chat Mm Chat 1.5
1 EDB exploit
685
VMScore
CVE-2008-2974
Directory traversal vulnerability in chatconfig.php in MM Chat 1.5, when register_globals is enabled, allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter.
Mm Chat Mm Chat 1.5
1 EDB exploit
231
VMScore
CVE-2006-3365
V3 Chat allows remote malicious users to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement.
V3 Chat V3 Chat Beta
295
VMScore
CVE-2006-3366
Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote malicious users to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter i...
V3 Chat V3 Chat Beta
7 EDB exploits
890
VMScore
CVE-2006-7036
PHP remote file inclusion vulnerability in register.php for Andys Chat 4.5 allows remote malicious users to execute arbitrary code via the action parameter. NOTE: this issue was announced by an unreliable researcher, but the vendor is no longer distributing the product, so the or...
Andys Chat Andys Chat 4.5
668
VMScore
CVE-2018-12534
A SQL injection issue exists in the Quick Chat plugin prior to 4.00 for WordPress.
Quick Chat Project Quick Chat
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »