Mirabilis: Security Vulnerabilities
ICQ Web Front HTTPd allows remote attackers to cause a denial of service by requesting a URL that contains a "?" character.
CVSS Score
5.0
EPSS Score
0.054
Published
2000-12-11
The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, and others allows remote attackers to cause a denial of service via a URL with a long name parameter.
CVSS Score
5.0
EPSS Score
0.006
Published
2000-05-29
Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to execute commands via a malformed URL within an ICQ message.
CVSS Score
7.5
EPSS Score
0.047
Published
2000-01-10
ICQ99 ICQ web server build 1701 with "Active Homepage" enabled generates allows remote attackers to determine the existence of files on the server by comparing server responses when a file exists ("404 Forbidden") versus when a file does not exist ("404 not found").
CVSS Score
5.0
EPSS Score
0.008
Published
1999-05-01
The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory.
CVSS Score
5.0
EPSS Score
0.008
Published
1999-04-05
Win32 ICQ 98a 1.30, and possibly other versions, does not display the entire portion of long filenames, which could allow attackers to send an executable file with a long name that contains so many spaces that the .exe extension is not displayed, which could make the user believe that the file is safe to open from the client.
CVSS Score
5.1
EPSS Score
0.007
Published
1999-01-01
ICQ 98 beta on Windows NT leaks the internal IP address of a client in the TCP data segment of an ICQ packet instead of the public address (e.g. through NAT), which provides remote attackers with potentially sensitive information about the client or the internal network configuration.
CVSS Score
7.5
EPSS Score
0.012
Published
1998-11-11
Page 3