aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive information such as hashed passwords from (1) hotlog.htm and (2) config.xml.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| amsn | amsn | 0.90 |
aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denial of service (client hang and termination of client's instant-messaging session) by repeatedly sending crafted data to the default file-transfer port (TCP 6891).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| amsn | amsn | * |
login_screen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves a password after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| amsn | amsn | 0.90 |
| amsn | amsn | 0.95 |
| amsn | amsn | * |
| amsn | amsn | 0.83 |
| amsn | amsn | 0.94 |
| amsn | amsn | 0.91 |
| amsn | amsn | 0.92 |
| amsn | amsn | 0.93 |
| amsn | amsn | 0.96 |