528 matches found
JVN#08237727: Citadel WebCit vulnerable to cross-site scripting on Instant Messaging facility
Citadel WebCit provided by Citadel contains a cross-site scripting vulnerability CWE-79. Impact When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user. Solution Update the software Update the software to the lates...
Line Earthgarden_waiting Security Vulnerability
Line is the instant messaging platform of Line Inc. A security vulnerability exists in Line Earthgardenwaiting. No information about this vulnerability is available at this time, please stay tuned to CNNVD or vendor announcements...
Fedora: Security Advisory for matrix-synapse (FEDORA-2023-c0696d7b53)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 37 Update: matrix-synapse-1.80.0-5.fc37
Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...
Classiscam Scam-as-a-Service Raked $64.5 Million During the COVID-19 Pandemic
The Classiscam scam-as-a-service program has reaped the criminal actors $64.5 million in illicit earnings since its emergence in 2019. "Classiscam campaigns initially started out on classified sites, on which scammers placed fake advertisements and used social engineering techniques to convince...
Vulnerabilities fixed in Oracle Communications Applications
Vulnerabilities have been fixed in Oracle Communications Applications products. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights Remote code...
5 Ways to Make Your Instant Messaging More Secure
Make sure your chats are kept as private as you want them to be...
[SECURITY] Fedora 38 Update: matrix-synapse-1.85.2-1.fc38
Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...
Fedora: Security Advisory for matrix-synapse (FEDORA-2023-eb65439ec0)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 37 Update: matrix-synapse-1.63.1-3.fc37
Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...
Debian: Security Advisory (DLA-3441-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3441-1] sofia-sip security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3441-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb June 02, 2023 https://wiki.debian.org/LTS -...
The vulnerability of Adobe Connect’s instant messaging program, related to deficiencies in access control, allows attackers to circumvent existing security restrictions.
The vulnerability of Adobe Connect’s instant messaging program is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions remotely...
SUSE CVE-2012-2214
proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service application crash via a sequence of XMPP file-transfer requests...
SUSE CVE-2016-2380
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a...
SUSE CVE-2017-5589
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for yaxim and Bruno 0.8.6 -...
Vulnerabilities fixed in Oracle Communications Applications
Vulnerabilities have been fixed in Oracle Communications Applications. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data Access to...
PT-2022-5100 · Cisco · Cisco Jabber
Name of the Vulnerable Software and Affected Versions: Cisco Jabber affected versions not specified Description: A vulnerability in the Extensible Messaging and Presence Protocol XMPP message processing feature could allow an authenticated, remote attacker to manipulate the content of XMPP...
Vulnerabilities fixed in Oracle Communications Applications
Oracle has fixed vulnerabilities in the following products: Communications ASAP Communications Billing and Revenue Management Communications BRM - Elastic Charging Engine Communications Design Studio Communications Instant Messaging Server Communications Offline Mediation Controller Communication...
The vulnerability of the Disaster Recovery function in Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and the integrated Cisco Unity Connection messaging system allows a intruder to execute arbitrary commands with administrator privileges.
The vulnerability of the Disaster Recovery function in Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and the integrated Cisco Unity Connection messaging system is related to access control deficiencies. Exploiting this vulnerability could allow ...