5 matches found

The Hacker News
added 2023/08/24 8:21 a.m., 76 views

Thousands of Unpatched Openfire XMPP Servers Still Exposed to High-Severity Flaw

Thousands of Openfire XMPP servers are unpatched against a recently disclosed high-severity flaw and are susceptible to a new exploit, according to a new report from VulnCheck. Tracked as CVE-2023-32315 (CVSS score: 7.5), the vulnerability relates to a path traversal vulnerability in Openfire's...

CVSS 8.6, AI score 8.2, EPSS 0.94441
Exploits: 14
OSV
added 2017/06/10 7:1 a.m., 5 views

MGASA-2017-0166 Updated gajim packages fix security vulnerability

Gajim unconditionally implements the "XEP-0146: Remote Controlling Clients" extension, which may be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions (CVE-2016-10376)...

CVSS 4.5, AI score 4.7, EPSS 0.00523
Exploits: 0, References: 3
Slackware Linux
added 2014/12/11 4:12 a.m., 16 views

[slackware-security] pidgin

New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/pidgin-2.10.11-i486-1slack14.1.txz: Upgraded. This update contains login fixes for MSN and some XMPP servers. Where to find the new...

AI score 7
Exploits: 0
Prion
added 2012/08/25 4:55 p.m., 8 views

Server side request forgery (ssrf)

Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...

CVSS 5.8, AI score 6.6, EPSS 0.0025
Exploits: 1, References: 2
Prion
added 2012/08/25 4:55 p.m., 11 views

Server side request forgery (ssrf)

Tigase XMPP Server before 5.1.0 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response...

CVSS 6.4, AI score 7.1, EPSS 0.00401
Exploits: 0, References: 4, Affected Software: 1