0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
LAN Messenger v1.2.28 - Persistent Software Vulnerability
Title: ====== LAN Messenger v1.2.28 - Persistent Software Vulnerability Common Vulnerability Scoring System: ==================================== 7.5 Introduction: ============= LAN Messenger is a free and open source cross-platform instant messaging application for communication over a local network. It does not require a server. A number of useful features including event notifications, file transfer and message logging are provided. (Copy of the Website: http://lanmsngr.sourceforge.net ) Details: ======== A persistent software vulnerability is detected in in LAN Messenger v1.2.28. The bug is located in the profile display & nickname validation of the software. The vulnerability allows an attacker (remote) to implement own malicious script codes as profile. The code is getting executed when the attacker writes the victim a message. The vulnerable nickname input is getting executed as output of the messagebox when processing to write a message. Successful exploitation can lead in persistent hijacking, external malicious redirects, persistent script code execution to compromise the connected network client system. Vulnerable Module(s): [+] Username as seen by Contacts - Messagebox Display & Input Risk: ===== The security risk of the persistent remote web vulnerability is estimated as high. # 0day.today [2024-12-26] #