Lucene search
K

7 matches found

CNVD
CNVD
added 2016/12/29 12:0 a.m.3 views

Ignite Realtime Smack Man-in-the-Middle Security Bypass Vulnerability

Ignite Realtime Smack is the open source XMPP client library for instant messaging and presentation. A security bypass vulnerability exists in Exponent Ignite Realtime Smack versions prior to version 4.1.9. Successful exploitation of this vulnerability may allow an attacker to perform unauthorize...

5.9CVSS6.7AI score0.01519EPSS
Exploits0References1
Prion
Prion
added 2016/02/08 7:59 p.m.17 views

Design/Logic Flaw

The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message...

7.5CVSS7.9AI score0.02338EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2016/02/08 7:59 p.m.30 views

CVE-2014-9757

The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message...

9.8CVSS9.7AI score0.02338EPSS
Exploits0References4
Cvelist
Cvelist
added 2016/02/08 7:0 p.m.34 views

CVE-2014-9757

The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message...

9.8AI score0.02338EPSS
Exploits0References4
NVD
NVD
added 2014/04/30 10:49 a.m.20 views

CVE-2014-0364

The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute...

5CVSS6.3AI score0.06242EPSS
Exploits0References6
NVD
NVD
added 2014/04/30 10:49 a.m.22 views

CVE-2014-0363

The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

5.8CVSS5.7AI score0.0123EPSS
Exploits0References7
Cvelist
Cvelist
added 2014/04/30 10:0 a.m.36 views

CVE-2014-0363

The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

5.5AI score0.0123EPSS
Exploits0References7
Rows per page
Query Builder