Remote denial of service vulnerability in LAN Messenger affecting version 3.4.0. This vulnerability allows an attacker to crash the LAN Messenger service by sending a long string directly and continuously over the UDP protocol.

Buffer overflow in LAN Messenger 1.2.28 and earlier allows remote attackers to cause a denial of service (crash) via a long string in an initiation request.

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."

Unspecified vulnerability in the info request mechanism in LAN Messenger before 1.5.1.2 allows remote attackers to cause a denial of service (application crash) or transmit spam via unspecified vectors.

Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows remote attackers to obtain an absolute path for the server directory by viewing the Location header.

Directory traversal in Webpaging interface in Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 stores user passwords in plaintext in the pUser.Dat file.