9 matches found
EUVD-2014-2770
Malware in sbrugna...
CVE-2014-2744
plugins/modcompression.lua in 1 Prosody before 0.9.4 and 2 Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service resource consumption via compressed XML elements in an XMPP stream, aka an...
CVE-2014-2743
plugins/modcompression.lua in Lightwitch Metronome through 3.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack...
Code injection
plugins/modcompression.lua in Lightwitch Metronome through 3.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack...
CVE-2014-2744
plugins/modcompression.lua in 1 Prosody before 0.9.4 and 2 Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service resource consumption via compressed XML elements in an XMPP stream, aka an...
CVE-2014-2743
plugins/modcompression.lua in Lightwitch Metronome through 3.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack...
CVE-2014-2744
CVE-2014-2744 affects Prosody (Lua XMPP server) before 0.9.4 and Lightwitch Metronome through 3.4. The vulnerability arises when stream compression is negotiated during an unauthenticated session, allowing a remote attacker to cause a denial of service via highly compressed XML elements in an XMP...
CVE-2014-2743
Lightwitch Metronome up to version 3.4 is affected by a flaw in plugins/mod_compression.lua that does not properly restrict processing of compressed XML elements. This enables remote attackers to cause denial of service by sending a crafted XMPP stream (an “xmppbomb” attack), compromising availab...
CVE-2014-2744
plugins/modcompression.lua in 1 Prosody before 0.9.4 and 2 Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service resource consumption via compressed XML elements in an XMPP stream, aka an...