129 matches found
EUVD-2017-2451
Malware in sbrugna...
EUVD-2004-0951
Malware in sbrugna...
EUVD-2013-1237
Malware in sbrugna...
EUVD-2011-1753
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-10807
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled...
CVE-2013-1197
The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug ID CSCue13912...
RHSA-2011:0882 Red Hat Security Advisory: Red Hat Network Satellite server jabberd security update
Bulletin has no description...
RHSA-2011:0881 Red Hat Security Advisory: Red Hat Network Proxy server jabberd security update
Bulletin has no description...
RHSA-2012:1539 Red Hat Security Advisory: Red Hat Network Proxy server jabberd security update
Bulletin has no description...
RHSA-2012:1538 Red Hat Security Advisory: Red Hat Network Satellite server jabberd security update
Bulletin has no description...
SUSE CVE-2006-1329
The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza"...
SUSE CVE-2011-1754
jabberd14 1.6.1.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564...
SUSE CVE-2017-10807
JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled...
Denial Of Service (DoS)
jabberd is vulnerable to denial of service. It was found that the jabberd daemon did not properly detect recursion during entity expansion. A remote attacker could provide a specially-crafted XML file containing a large number of nested entity references, which once processed by the jabberd daemo...
Spoofable Domains
jabberd is vulnerable to spoofable domains. The vulnerability exists as s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response...
JabberD 2.x: Multiple vulnerabilities
Background: JabberD 2.x is an open source Jabber server written in C. Description: Multiple vulnerabilities have been discovered in Gentoo’s JabberD 2.x ebuild. Please review the referenced CVE identifiers for details. Impact: An attacker could possibly escalate privileges by owning system binaries ...
GLSA-201803-07 : JabberD 2.x: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201803-07 (JabberD 2.x: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Gentoo's JabberD 2.x ebuild. Please review the referenced CVE identifiers for details. Impact: An attacker could possibly escalate...
CVE-2017-18225
The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one o...
SUSE-SU-2017:2267-1 Security update for jabberd
This update for jabberd fixes the following issues: - CVE-2017-10807: SASL ANONYMOUS authentication method allowed anyone to authenticate even if option was disabled (bsc#1047282)...
SUSE-SU-2017:2266-1 Security update for SUSE Manager Proxy 3.1
This update for SUSE Manager Proxy 3.1 provides several fixes and improvements: The following security issues have been fixed: jabberd: - Fix offered SASL mechanism check. (bsc#1047282, CVE-2017-10807) Additionally, the following non-security issues have been fixed: jabberd: - Fix memory leak in pgs...