EUVD-2009-3069

Malware in sbrugna...

EUVD-2011-4526

Malware in sbrugna...

EUVD-2013-6286

Malware in sbrugna...

Exploit for Path Traversal in Igniterealtime Openfire

CVE-2023-32315 - Openfire Authentication Bypass This reposito...

SUSE CVE-2021-41055

Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service crash via a crafted XMPP Last Message Correction XEP-0308 message in multi-user chat, where the message ID equals the correction ID...

SUSE CVE-2022-26491

An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attack...

Pidgin 信任管理问题漏洞

Pidgin is a cross-platform real-time communication client from the Pidgin community. The program supports several popular real-time communication protocols, and users can log into different real-time communication services with the same software. A security vulnerability exists in Pidgin that ste...

CVE-2021-45968

An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x and in other products. An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394...

Denial Of Service (DoS)

pidgin is vulnerable to denial of service. A NULL pointer dereference flaw was found in the way the Pidgin XMPP protocol plug-in processes IQ error responses when trying to fetch a custom smiley. A remote client could send a specially-crafted IQ error response that would crash Pidgin...

The vulnerabilities of the software for Cisco TelePresence Video Communication Server and Cisco Expressway Series, as well as the Unified Communications Manager IM and Presence Service software, are due to insufficient validation of input data. This allows attackers to trigger service failures.

The vulnerabilities of the Cisco TelePresence Video Communication Server and Cisco Expressway Series software, as well as the Unified Communications Manager IM and Presence Service software, exist due to insufficient validation of input data. Exploiting these vulnerabilities can allow attackers t...

Skygofree: Following in the footsteps of HackingTeam

At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild. In the course of further research, we found a number of related samples that point to a long-term development process. We believe the initial versions of this malware were...

Vibease Wireless Remote Vibrator app for Android and Vibease Chat app for iOS vulnerabilities

Vibease Wireless Remote Vibrator app for Android is a wireless remote control app based on Android platform.Vibease Chat app for iOS is an online chat software based on iOS platform. A security vulnerability exists in the Vibease Wireless Remote Vibrator app for Android and the Vibease Chat app f...

[SECURITY] Fedora 25 Update: python-sleekxmpp-1.3.2-1.fc25

SleekXMPP is a flexible XMPP library for python that allows you to create clients, components or servers for the XMPP protocol. Plug-ins can be create to cover every current or future XEP...

CVE-2016-6445

A vulnerability in the Extensible Messaging and Presence Protocol XMPP service of the Cisco Meeting Server CMS before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XM...

Openfire 3.10.2 - Privilege Escalation

Openfire 3.10.2 - Privilege Escalation + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-PRIV-ESCALATION.txt Vendor: ================================ www.igniterealtime.org/projects/openfire...

Incorrect handling of self signed certificates in OpenFire XMPP Server

Incorrect handling of self signed certificates in OpenFire XMPP Server Affected software: OpenFire XMPP server Affected versions: 3.9.3 and earlier Vulnerabilities addressed: CVE-2014-3451, CVE-2015-2080 Openfire is a real time collaboration RTC server licensed under the Open Source Apache Licens...

Jappix Cross Site Scripting

Affected software: https://jappix.org/ Discovered by: Provensec Website: http://www.provensec.com Type of vulnerability: XSS Stored Description: Jappix is a new, smart and powerful social platform. We think each of us should own his own data, that’s why we’ve made Jappix decentralized. Jappix is...

Ubuntu: Security Advisory (USN-2100-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2013-6483

The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service NULL pointer dereference and...

DEBIAN-CVE-2013-6483

The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service NULL pointer dereference and...