1099 matches found
Xmpp 安全漏洞
Xmpp is a set of Xmpp-related libraries and tools for Go open-sourced by the Mellium Co-op. A security vulnerability exists in Xmpp versions 0.0.1 through 0.21.4 that stems from an unchecked section type, which allows response spoofing...
CVE-2024-46957
Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0...
CVE-2024-46957
Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0...
CVE-2024-46957
Summary: Mellium mellium.im/xmpp versions 0.0.1 through 0.21.4 are vulnerable to response spoofing because the stanza type is not checked when IDs are predictable. This can enable an attacker to spoof responses and may lead to compromise. The issue is fixed in version 0.22.0. Affected software: M...
CVE-2024-39094
Friendica 2024.03 is vulnerable to Cross Site Scripting XSS in settings/profile via the homepage, xmpp, and matrix parameters...
CVE-2024-39094
Friendica 2024.03 is vulnerable to Cross Site Scripting XSS in settings/profile via the homepage, xmpp, and matrix parameters...
PT-2024-28348 · Friendica · Friendica
Name of the Vulnerable Software and Affected Versions: Friendica version 2024.03 Description: The issue is related to Cross Site Scripting XSS in the settings/profile section via the homepage, xmpp, and matrix parameters. This allows for potential malicious script execution. Recommendations: For...
CVE-2024-39094
Friendica 2024.03 is affected by a Cross‑Site Scripting (XSS) vulnerability in the settings/profile area accessible via the homepage, xmpp, and matrix parameters. The issue targets the settings/profile component and is exploited through crafted input in those parameters, with details indicating u...
CVE-2024-39094
Friendica 2024.03 is vulnerable to Cross Site Scripting XSS in settings/profile via the homepage, xmpp, and matrix parameters...
RHEL 7 : python-twisted (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-twisted: XMPP support in words.protocols.jabber.xmlstream in Twisted does not verify certificates allowing f...
FreeBSD : Openfire administration console authentication bypass (9bcff2c4-1779-11ef-b489-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9bcff2c4-1779-11ef-b489-b42e991fc52e advisory. - Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative...
Improper Privilege Management
org.igniterealtime.openfire:xmppserver is vulnerable to Improper Privilege Management. The vulnerability is caused by the lack of proper validation of user privileges when a user account is deleted and subsequently recreated with the same username. This allows an attacker to exploit the system an...
Meta Details WhatsApp and Messenger Interoperability to Comply with EU's DMA Regulations
Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act DMA went into effect in the European Union. "This allows users of third-party providers who choose to enable interoperability interop t...
Exploit for Path Traversal in Igniterealtime Openfire
CVE-2023-32315 - Openfire Authentication Bypass This reposito...
Researchers Uncover Wiretapping of XMPP-Based Instant Messaging Service
New findings have shed light on what's said to be a lawful attempt to covertly intercept traffic originating from jabber.ru aka xmpp.ru, an XMPP-based instant messaging service, via servers hosted on Hetzner and Linode a subsidiary of Akamai in Germany. "The attacker has issued several new TLS...
Messaging Service Wiretap Discovered through Expired TLS Cert
Fascinating story of a covert wiretap that was discovered because of an expired TLS certificate: The suspected man-in-the-middle attack was identified when the administrator of jabber.ru, the largest Russian XMPP service, received a notification that one of the servers’ certificates had expired...
Ubuntu 18.04 ESM : Prosody vulnerability (USN-4834-1)
The remote Ubuntu 18.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-4834-1 advisory. It was discovered that Prosody incorrectly validated the virtual host associated with a user session across stream restarts. A remote attacker could use this issu...
CVE-2022-20917
A vulnerability in the Extensible Messaging and Presence Protocol XMPP message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper handling ...
Design/Logic Flaw
A vulnerability in the Extensible Messaging and Presence Protocol XMPP message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper handling ...
CVE-2022-20917
A vulnerability in the Extensible Messaging and Presence Protocol XMPP message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper handling ...