5 matches found
Thousands of Unpatched Openfire XMPP Servers Still Exposed to High-Severity Flaw
Thousands of Openfire XMPP servers are unpatched against a recently disclosed high-severity flaw and are susceptible to a new exploit, according to a new report from VulnCheck. Tracked as CVE-2023-32315 (CVSS score: 7.5), the flaw is a path traversal vulnerability in Openfire's...
MGASA-2017-0166 Updated gajim packages fix security vulnerability
Gajim unconditionally implements the "XEP-0146: Remote Controlling Clients" extension, which may be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions (CVE-2016-10376)...
[slackware-security] pidgin
New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/pidgin-2.10.11-i486-1slack14.1.txz: Upgraded. This update contains login fixes for MSN and some XMPP servers. Where to find the new...
Server side request forgery (ssrf)
Tigase XMPP Server before 5.1.0 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response...
Server side request forgery (ssrf)
Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...