Lucene search
K

969 matches found

Cvelist
Cvelist
added 2014/04/30 10:0 a.m.27 views

CVE-2014-0364

The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute...

6.2AI score0.06242EPSS
Exploits0References6
CVE
CVE
added 2014/04/30 10:0 a.m.74 views

CVE-2014-0363

CVE-2014-0363 affects Ignite Realtime Smack XMPP API: ServerTrustManager fails to verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, enabling MITM spoofing of servers and potential data leakage. The vulnerability is in the Smack API prior to 4.0.0-rc1. Remed...

5.8CVSS8.5AI score0.0123EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2014/04/30 10:0 a.m.63 views

CVE-2014-0364

CVE-2014-0364 affects Ignite Realtime Smack XMPP API: the ParseRoster component does not verify the From attribute of a roster-query IQ stanza, enabling remote spoofing of IQ responses. Documented in multiple sources (NVD entry and vendor advisories) and corroborated by Red Hat and IBM security b...

5CVSS8.8AI score0.06242EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2014/04/30 10:0 a.m.36 views

CVE-2014-0363

The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

5.5AI score0.0123EPSS
Exploits0References7
CERT
CERT
added 2014/04/29 12:0 a.m.35 views

Ignite Realtime Smack XMPP API contains multiple vulnerabilities

Overview Ignite Realtime's Smack XMPP API ServerTrustManger trusts unauthorized SSL certificates CWE-358 and IQ requests do not verify the from attribute allowing anyone to spoof IQ responses. CWE-345 Description CWE-358:Improperly Implemented Security Check for Standard- CVE-2014-0363 The...

5.8CVSS9.1AI score0.06242EPSS
Exploits0References6
Prion
Prion
added 2014/04/11 1:55 a.m.18 views

Design/Logic Flaw

nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack...

7.8CVSS6.9AI score0.03774EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2014/04/11 1:0 a.m.26 views

CVE-2014-2741

nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack...

6.2AI score0.03774EPSS
Exploits0References6
CVE
CVE
added 2014/04/11 1:0 a.m.54 views

CVE-2014-2741

Openfire before 3.9.2 is affected by a denial-of-service due to improper restriction in nio/XMLLightweightParser.java when processing compressed XML in XMPP streams (xmppbomb). Exploitation can exhaust resources on the server via crafted XMPP traffic. The issue is fixed in Openfire 3.9.2 and late...

7.8CVSS6.1AI score0.03774EPSS
Exploits0References6Affected Software1
Kitploit
Kitploit
added 2014/01/14 4:39 a.m.27 views

[Xplico 1.1.0] Open Source Network Forensic Analysis Tool (NFAT)

The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email POP, IMAP, and SMTP protocols, all HTTP contents, each VoIP call SIP, FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is ...

7AI score
Exploits0
Fedora
Fedora
added 2013/10/12 4:29 a.m.41 views

[SECURITY] Fedora 20 Update: rtkit-0.11-7.fc20

RealtimeKit is a D-Bus system service that changes the scheduling policy of user processes/threads to SCHEDRR i.e. realtime scheduling mode on request. It is intended to be used as a secure mechanism to allow real-time scheduling to be used by normal user processes...

4.6CVSS1.3AI score0.00374EPSS
Exploits0
Packet Storm
Packet Storm
added 2013/08/05 12:0 a.m.30 views

IBSng A1.24 Cross Site Scripting

-============== In The Name Of God ==============- Title : IBSng Version A1.24 Cross Site Scripting Vulnerability Author : IRaNHaCK Security Team Tested on : 7 , Xp , Backtrack Vendor : http://ibs.sourceforge.net/ Date : 2013-08-05 Our Website : WWW.IRaNHaCK.ORG -====================- 1-...

7.4AI score
Exploits0
0day.today
0day.today
added 2013/05/14 12:0 a.m.20 views

Avira Personal Privilege Escalation Vulnerability

Avira Personal appears to suffer from a privilege escalation vulnerability. ============================================ Tested on OS: Microsoft Windows XP Professional 5.1.2600 Service Pack 2 2600 ============================================ Vulnerable Software: Avira Personal Tested version of...

7.3AI score
Exploits0
Fedora
Fedora
added 2013/03/14 2:55 a.m.36 views

[SECURITY] Fedora 18 Update: cumin-0.1.5522-4.fc18

Cumin is the MRG management web console. It provides a unified management interface for the Messaging, Realtime and Grid components of MRG...

7.5CVSS2.2AI score0.02125EPSS
Exploits0
OpenVAS
OpenVAS
added 2012/11/23 12:0 a.m.27 views

Fedora Update for cumin FEDORA-2012-17854

Check for the Version of cumin OpenVAS Vulnerability Test Fedora Update for cumin FEDORA-2012-17854 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

7.5CVSS0.4AI score0.02125EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2012/11/23 12:0 a.m.23 views

Fedora Update for cumin FEDORA-2012-17863

Check for the Version of cumin OpenVAS Vulnerability Test Fedora Update for cumin FEDORA-2012-17863 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

7.5CVSS0.4AI score0.02125EPSS
Exploits0References2
Fedora
Fedora
added 2012/11/20 3:4 a.m.33 views

[SECURITY] Fedora 16 Update: cumin-0.1.5522-4.fc16

Cumin is the MRG management web console. It provides a unified management interface for the Messaging, Realtime and Grid components of MRG...

7.5CVSS2.2AI score0.02125EPSS
Exploits0
NVD
NVD
added 2012/09/28 5:55 p.m.23 views

CVE-2012-3459

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor...

4.9CVSS6.4AI score0.01571EPSS
Exploits0References6
Prion
Prion
added 2012/09/28 5:55 p.m.20 views

Cross site request forgery (csrf)

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote authenticated users to cause a denial of service memory consumption via a large size in an image request...

4CVSS6.5AI score0.02156EPSS
Exploits1References6Affected Software2
Prion
Prion
added 2012/09/28 5:55 p.m.21 views

Cross site request forgery (csrf)

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor...

4.9CVSS6.9AI score0.01571EPSS
Exploits0References6Affected Software2
Prion
Prion
added 2012/09/28 5:55 p.m.24 views

Design/Logic Flaw

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key...

5.8CVSS7AI score0.02203EPSS
Exploits1References6Affected Software2
Rows per page
Query Builder