EUVD-2008-0877
Malware in sbrugna...
EUVD-2003-1211
Malware in sbrugna...
EUVD-2009-3010
Malware in sbrugna...
SUSE CVE-2009-3026
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption an...
Information Disclosure
pidgin is vulnerable to information disclosure. It was discovered that, when connecting to certain, very old Jabber servers via XMPP, Pidgin may ignore the "Require SSL/TLS" setting. In these situations, a non-encrypted connection is established rather than the connection failing, causing the use...
IBM Tivoli Application Dependency Discovery Manager Information Disclosure Vulnerability (CNVD-2018-10545)
IBM Tivoli Application Dependency Discovery Manager (TADDM) is a product in a suite of IT service management solutions from IBM USA that provides robust automated application mapping and discovery to help administrators understand the structure, state, configuration and change history of business...
UBUNTU-CVE-2016-2111
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted applicatio...
IBM Security Access Manager Information Disclosure Vulnerability (CNVD-2014-09200)
IBM Security Access Manager software is a highly scalable user authentication, authorization and Web SSO solution for implementing security policies on a variety of Web and application resources, centralized management of online portals. An information disclosure vulnerability exists in IBM...
IBM Security Access Manager Information Disclosure Vulnerability (CNVD-2014-09198)
IBM Security Access Manager software is a highly scalable user authentication, authorization and Web SSO solution for implementing security policies on a variety of Web and application resources, centralized management of online portals. An information disclosure vulnerability exists in IBM...
Scientific Linux Security Update : pidgin on SL4.x, SL5.x i386/x86_64
CVE-2009-3026 pidgin: ignores SSL/TLS requirements with old jabber servers; CVE-2009-2703 Pidgin: NULL pointer dereference by handling IRC topics DoS; CVE-2009-3083 Pidgin: NULL pointer dereference by processing incomplete MSN SLP invite DoS; CVE-2009-3085 Pidgin: NULL pointer dereference by...
finch, libpurple, pidgin security update
CentOS Errata and Security Advisory CESA-2009:1453 Updated pidgin packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pidgin is an instant messaging...
Moderate: Red Hat Security Advisory: pidgin security update
Updated pidgin packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pidgin is an instant messaging program which can log in to multiple accounts on...
pidgin: ignores SSL/TLS requirements with old jabber servers
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption an...
DEBIAN-CVE-2009-3026
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption an...
CVE-2009-3026
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption an...
CVE-2009-1898
CVE-2009-1898 affects IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35. The issue is that the secure login page in the Administrative Console does not redirect HTTP requests to HTTPS, enabling a remote attacker to read session contents by sniffing network traffic. Connected sources co...
CVE-2008-0870
BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session...
Session fixation
BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session...
CVE-2003-1221
BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions...
CVE-2002-2077
The vulnerability CVE-2002-2077 affects the DCOM client on Windows 2000 prior to SP3. The issue arises because memory is not properly cleared before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session. Connected Red Hat/CVE ...