117 matches found
Unauthorized Access Vulnerability in Baidu's Skyworks Intelligence Platform Retained Message
Baidu Tiangong Intelligence Platform is a cloud service platform for the IoT field, which communicates through mainstream IoT protocols (e.g., MQTT), allowing IoT projects to be built between smart devices and the cloud. An unauthorized access vulnerability exists in Baidu Tiangong Intelligent...
The vulnerability of the spring-messaging module of the Spring Framework allows a perpetrator to execute arbitrary code.
The vulnerability of the spring-messaging module in the Spring Framework is caused by errors in the handling of STOMP messages. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted message...
ALPINE-CVE-2018-5336
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth...
pidgin: remote information leak via crafted XMPP message
An information disclosure flaw was discovered in the way Pidgin parsed XMPP messages. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to disclose a portion of memory belonging to the Pidgin process by sending a specially crafted XMPP message...
ALPINE-CVE-2017-11665
The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream...
DEBIAN-CVE-2017-11665
The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream...
CVE-2017-6722
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affect...
Cisco Unified Contact Center Express Security Bypass Vulnerability
Cisco Unified Contact Center Express is a single-server, integrated contact center for formal and informal contact centers. A security bypass vulnerability exists in the Extensible Messaging and Presence Protocol (XMPP) service for Cisco Unified Contact Center Express (UCCx), which can be exploited b...
CVE-2017-5593
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Psi+ 0.16.563.580 -...
UBUNTU-CVE-2017-5591
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and...
Cisco WebEx - nativeMessaging Remote Command Execution
Cisco's WebEx extension (jlhmfgmfgeifomenelglieieghnjghma) has 20M active users, and is part of Cisco's popular web conferencing software. The extension works on any URL that contains the magic pattern...
DEBIAN-CVE-2016-2365
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger th...
CVE-2016-6445
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XM...
PT-2016-5137 · Pidgin +3
Name of the Vulnerable Software and Affected Versions: Pidgin (affected versions not specified). Description: An information leak exists in the handling of the MXIT protocol. Specially crafted MXIT data sent via the server could result in an out-of-bounds read. A malicious user, server, or...
UBUNTU-CVE-2016-2374
An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution...
PT-2016-5140 · Pidgin +3
Name of the Vulnerable Software and Affected Versions: Pidgin (affected versions not specified). Description: An out-of-bounds write issue exists in the handling of the MXIT protocol, which could be triggered by specially crafted MXIT data sent via the server, potentially causing memory corruption a...
Cisco Jabber for Windows STARTTLS Downgrade Vulnerability
Cisco Jabber for Windows is a unified communications, collaborative work application. A security vulnerability exists in the Send Screen Capture feature of Cisco Jabber for Windows. An attacker could exploit the vulnerability to cause a client to establish an XMPP connection in plain text...
RHEL 5 : qpid-cpp (RHSA-2015:0662)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0662 advisory. Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation IT infrastructure for enterprise computing. MRG offers increased...
Moderate: Red Hat Security Advisory: qpid-cpp security and bug fix update
Updated qpid-cpp packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG Messaging 2.5 for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base score...
jabberd information disclosure vulnerability
jabberd is a live chat server based on XMPP (an open XML-based real-time communication protocol). An information disclosure vulnerability exists in jabberd. An attacker can exploit this vulnerability to obtain sensitive information...