22 matches found
CVE-2022-20917
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper handling ...
SUSE CVE-2012-5976
Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial o...
SUSE CVE-2017-5591
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and...
SUSE CVE-2019-12855
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections...
CVE-2021-45968
An issue was discovered in xmppserver jar in the XMPP Server component of the Jive platform, as used in Pascom Cloud Phone System before 7.20.x and in other products. An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394...
Cisco Jabber Input Validation Error Vulnerability
Cisco Jabber is a set of unified communications client solutions from Cisco, a United States company. The solution provides online status display, instant messaging, voice, and other features. Cisco Jabber suffers from an input validation error vulnerability that originates as a result of...
Prosodical Thoughts Prosody Authorization Issue Vulnerability
Prosody is an open source application from Prosodical Thoughts: a modern XMPP communication server. A security vulnerability exists in Prosody prior to version 0.11.9. A remote attacker could exploit the vulnerability to use the server's bandwidth indefinitely...
A vulnerability in the Cisco Jabber for Windows software platform, related to insufficient validation of input data, allows an attacker to cause a denial of service.
The vulnerability in the Cisco Jabber for Windows software platform is related to insufficient validation of input data. A remote attacker can exploit this vulnerability to cause a denial of service by sending specially crafted XMPP messages...
Cisco Meeting Server XMPP Denial of Service Vulnerability
Cisco Meeting Server is a video conferencing solution from Cisco that combines place-based video, audio, and Web communications to meet the collaboration needs of the modern workplace. A denial of service vulnerability exists in the Extensible Messaging and Presence Protocol (XMPP) feature in Cisco...
PYSEC-2019-129
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections...
ALPINE-CVE-2018-5336
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth...
pidgin: remote information leak via crafted XMPP message
An information disclosure flaw was discovered in the way Pidgin parsed XMPP messages. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to disclose a portion of memory belonging to the Pidgin process by sending a specially crafted XMPP message...
CVE-2017-6722
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affect...
Cisco Unified Contact Center Express Security Bypass Vulnerability
Cisco Unified Contact Center Express is a single-server, integrated contact center for formal and informal contact centers. A security bypass vulnerability exists in the Extensible Messaging and Presence Protocol (XMPP) service for Cisco Unified Contact Center Express (UCCx), which can be exploited b...
Yaxim and Bruno User Simulation Vulnerabilities
yaxim and Bruno are both products of Georg Lukas. yaxim (Yet Another XMPP Instant Messenger) is an open source (GPLv2) XMPP client with a clean user interface. Bruno is the best Jabber / XMPP Instant Messaging (IM) application. A use...
CVE-2017-5593
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Psi+ 0.16.563.580 -...
UBUNTU-CVE-2017-5591
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and...
XMPP Cleartext Authentication
The remote Extensible Messaging and Presence Protocol (XMPP) service supports one or more authentication mechanisms that allow credentials to be sent in the clear.
DEBIAN-CVE-2014-2744
plugins/modcompression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an...
Cisco Unified Presence XMPP Denial of Service Vulnerability
The XML parser of Cisco Unified Presence contains a vulnerability that could allow an authenticated, remote attacker to trigger a crash of the jabberd process, causing a denial of service condition. The vulnerability is due to insufficient validation of crafted XML in Extensible Messaging and...