662 matches found
CVE-2014-3088
stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client to validate the file format used in wAttach?OpenForm multipart/form-data POST requests, which allows remote authenticated users to bypass intended upload restrictions by modifying the Content-Type header and file extension, as...
Lotus Sametime 8.5.1 - Password Disclosure
No description provided by source...
IBM Lotus Sametime <= 8.0 - Multiplexer Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29328/info IBM Lotus Sametime is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. An attacker can...
IBM Lotus Domino Sametime STMux.exe Stack Buffer Overflow
No description provided by source. $Id: dominosametimestmux.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...
openSUSE Security Update : pidgin (openSUSE-SU-2013:0511-1)
Pidgin was updated to 2.10.7 to fix various security issues and the bug that IRC did not work at all in 12.3. Changes : - Add pidgin-irc-sasl.patch: link irc module to SASL. Allows the IRC module to be loaded (bnc#806975). - Update to version 2.10.7 (bnc#804742) : + Alien hatchery : - No changes +...
openSUSE Security Update : pidgin (openSUSE-2012-29)
pidgin was updated to version 2.10.1 + AIM and ICQ : - Fix remotely-triggerable crashes by validating strings in a few messages related to buddy list management (bnc#736147, CVE-2011-4601). + Bonjour : - IPv6 fixes + Gadu-Gadu : - Fix problems linking against GnuTLS. + IRC : - Fix a memory leak when...
openSUSE Security Update : pidgin (openSUSE-SU-2013:0405-1)
pidgin was updated to fix security issues : - Fix a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274) - Fix a crash in Sametime when a malicious server sends us an abnormally long user ID. (CVE-2013-0273) - Fix a bug where the MXit server or a man-in-the-middle could...
CVE-2014-3867
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different...
Design/Logic Flaw
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different...
CVE-2014-3867
The CVE-2014-3867 entry concerns IBM Sametime Meeting Server versions 8.x up to 8.5.2.1 and 9.x up to 9.0.0.1 that do not set the HTTPOnly flag for an unspecified cookie in an HTTPS session. This omission can allow remote attackers to access potentially sensitive data via script access to the coo...
CVE-2014-0906
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie...
CVE-2013-3984
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
CVE-2014-3014
Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
CVE-2013-3982
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page...
CVE-2013-3980
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users to enter a meeting room...
CVE-2013-3981
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors...
CVE-2013-3975
Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search...
CVE-2013-3046
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS (Strict-Transport-Security) header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests...
CVE-2013-3977
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names...