14 matches found
EUVD-2012-4594
Malware in sbrugna...
CVE-2012-4671
psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...
UBUNTU-CVE-2016-1232
The moddialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack...
Fedora 17 : jabberd-2.2.14-4.fc17 (2012-12487)
included patch for 'Vulnerability in XMPP Server Dialback Implementations' http://xmpp.org/resources/security-notices/server-dialback/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automaticall...
FreeBSD Ports: jabberd
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Cross site request forgery (csrf)
M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...
CVE-2012-3525
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a 1 Verify Response or 2 Authorization Response...
CVE-2012-3525
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a 1 Verify Response or 2 Authorization Response...
Server side request forgery (ssrf)
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a 1 Verify Response or 2 Authorization Response...
Server side request forgery (ssrf)
Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...
CVE-2012-4669
M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...
CVE-2012-4671
psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...
FreeBSD : jabberd -- domain spoofing in server dialback protocol (4d1d2f6d-ec94-11e1-8bd8-0022156e8794)
XMPP Standards Foundation reports : Some implementations of the XMPP Server Dialback protocol RFC 3920/XEP-0220 have not been checking dialback responses to ensure that validated results are correlated with requests. An attacking server could spoof one or more domains in communicating with a...
jabberd -- domain spoofing in server dialback protocol
XMPP Standards Foundation reports: Some implementations of the XMPP Server Dialback protocol RFC 3920/XEP-0220 have not been checking dialback responses to ensure that validated results are correlated with requests. An attacking server could spoof one or more domains in communicating with a...