969 matches found
CVE-2014-0364
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute...
CVE-2014-0363
CVE-2014-0363 affects Ignite Realtime Smack XMPP API: ServerTrustManager fails to verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, enabling MITM spoofing of servers and potential data leakage. The vulnerability is in the Smack API prior to 4.0.0-rc1. Remed...
CVE-2014-0364
CVE-2014-0364 affects Ignite Realtime Smack XMPP API: the ParseRoster component does not verify the From attribute of a roster-query IQ stanza, enabling remote spoofing of IQ responses. Documented in multiple sources (NVD entry and vendor advisories) and corroborated by Red Hat and IBM security b...
CVE-2014-0363
The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
Ignite Realtime Smack XMPP API contains multiple vulnerabilities
Overview Ignite Realtime's Smack XMPP API ServerTrustManger trusts unauthorized SSL certificates CWE-358 and IQ requests do not verify the from attribute allowing anyone to spoof IQ responses. CWE-345 Description CWE-358:Improperly Implemented Security Check for Standard- CVE-2014-0363 The...
Design/Logic Flaw
nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack...
CVE-2014-2741
nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack...
CVE-2014-2741
Openfire before 3.9.2 is affected by a denial-of-service due to improper restriction in nio/XMLLightweightParser.java when processing compressed XML in XMPP streams (xmppbomb). Exploitation can exhaust resources on the server via crafted XMPP traffic. The issue is fixed in Openfire 3.9.2 and late...
[Xplico 1.1.0] Open Source Network Forensic Analysis Tool (NFAT)
The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email POP, IMAP, and SMTP protocols, all HTTP contents, each VoIP call SIP, FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is ...
[SECURITY] Fedora 20 Update: rtkit-0.11-7.fc20
RealtimeKit is a D-Bus system service that changes the scheduling policy of user processes/threads to SCHEDRR i.e. realtime scheduling mode on request. It is intended to be used as a secure mechanism to allow real-time scheduling to be used by normal user processes...
IBSng A1.24 Cross Site Scripting
-============== In The Name Of God ==============- Title : IBSng Version A1.24 Cross Site Scripting Vulnerability Author : IRaNHaCK Security Team Tested on : 7 , Xp , Backtrack Vendor : http://ibs.sourceforge.net/ Date : 2013-08-05 Our Website : WWW.IRaNHaCK.ORG -====================- 1-...
Avira Personal Privilege Escalation Vulnerability
Avira Personal appears to suffer from a privilege escalation vulnerability. ============================================ Tested on OS: Microsoft Windows XP Professional 5.1.2600 Service Pack 2 2600 ============================================ Vulnerable Software: Avira Personal Tested version of...
[SECURITY] Fedora 18 Update: cumin-0.1.5522-4.fc18
Cumin is the MRG management web console. It provides a unified management interface for the Messaging, Realtime and Grid components of MRG...
Fedora Update for cumin FEDORA-2012-17854
Check for the Version of cumin OpenVAS Vulnerability Test Fedora Update for cumin FEDORA-2012-17854 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
Fedora Update for cumin FEDORA-2012-17863
Check for the Version of cumin OpenVAS Vulnerability Test Fedora Update for cumin FEDORA-2012-17863 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
[SECURITY] Fedora 16 Update: cumin-0.1.5522-4.fc16
Cumin is the MRG management web console. It provides a unified management interface for the Messaging, Realtime and Grid components of MRG...
CVE-2012-3459
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor...
Cross site request forgery (csrf)
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote authenticated users to cause a denial of service memory consumption via a large size in an image request...
Cross site request forgery (csrf)
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor...
Design/Logic Flaw
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key...