14 matches found
EUVD-2012-4594
Malware in sbrugna...
CVE-2012-4671
psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...
UBUNTU-CVE-2016-1232
The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack...
Fedora 17 : jabberd-2.2.14-4.fc17 (2012-12487)
included patch for 'Vulnerability in XMPP Server Dialback Implementations' http://xmpp.org/resources/security-notices/server-dialback/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automaticall...
FreeBSD Ports: jabberd
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2012-3525
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response...
Cross site request forgery (csrf)
M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...
Server side request forgery (ssrf)
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response...
CVE-2012-3525
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response...
CVE-2012-4669
M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...
Server side request forgery (ssrf)
Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...
CVE-2012-4671
psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...
FreeBSD : jabberd -- domain spoofing in server dialback protocol (4d1d2f6d-ec94-11e1-8bd8-0022156e8794)
XMPP Standards Foundation reports: Some implementations of the XMPP Server Dialback protocol (RFC 3920/XEP-0220) have not been checking dialback responses to ensure that validated results are correlated with requests. An attacking server could spoof one or more domains in communicating with a...
jabberd -- domain spoofing in server dialback protocol
XMPP Standards Foundation reports: Some implementations of the XMPP Server Dialback protocol (RFC 3920/XEP-0220) have not been checking dialback responses to ensure that validated results are correlated with requests. An attacking server could spoof one or more domains in communicating with a...