63 matches found
EUVD-2017-14690
Malware in sbrugna...
EUVD-2017-14703
Malware in sbrugna...
EUVD-2017-0129
Malware in sbrugna...
EUVD-2017-14691
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-5591
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An incorrect implementation of XEP-0280: Message Carbons in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the...
SUSE CVE-2017-5591
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and...
SUSE CVE-2017-5589
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for yaxim and Bruno 0.8.6 -...
SUSE CVE-2017-5593
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Psi+ 0.16.563.580 -...
SUSE CVE-2017-5592
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity 0.4.7 - 0.5.0...
SUSE CVE-2017-5603
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Jitsi 2.5.5061 - 2.9.5544...
SUSE CVE-2017-5604
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for mcabber 1.0.0 - 1.0.4...
GHSA-C35G-JR5F-H83P SleekXMPP and Slixmpp Incorrect Implementation of Message Carbons
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and...
SleekXMPP and Slixmpp Incorrect Implementation of Message Carbons
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and...
GHSA-W973-2QCC-P78X User Impersonation in converse.js
Versions of converse.js prior to 1.0.7 for 1.x or 2.0.5 for 2.x are vulnerable to User Impersonation. The package provides an incorrect implementation of XEP-0280: Message Carbons that allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display...
Fedora 29 : dino (2019-0eb6d51f81)
Update dino to a96c8014, which addresses three CVEs. CVE-2019-16235 ============== Dino did not properly check the source of message carbons. https://nvd.nist.gov/vuln/detail/CVE-2019-16235 Fixed in https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc5 49c930 CVE-2019-16236...
Debian: Security Advisory (DSA-4524-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Code injection
Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280messagecarbons.vala...
UBUNTU-CVE-2019-16235
Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280messagecarbons.vala...
Social Engineering Attacks Via Impersonation
converse.js is vulnerable to various social engineering attacks via a loophole leading to impersonation. It can happen due to a flaw in implementation of XEP-0280: Message Carbons in multiple XMPP clients, allowing malicious user to impersonate any user, including contacts, in the vulnerable...
XMPP Clients User Impersonation Vulnerability
Exploit for multiple platform in category local exploits Multiple XMPP Clients User Impersonation Vulnerability Summary ------- An incorrect implementation of XEP-0280: Message Carbons0 in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerabl...