EUVD-2017-14690

Malware in sbrugna...

yaxim - XMPP/Jabber client - Customized SSL, Exported components, External URLs vulnerabilities

HackApp vulnerability scanner discovered that application yaxim - XMPP/Jabber client published at the 'play' market has multiple vulnerabilities...

Yaxim and Bruno User Simulation Vulnerabilities

yaxim and Bruno are both products of Georg Lukas. yaxim Yet Another XMPP Instant Messenger is an XMPP client with a clean user interface and open source GPLv2. Bruno is the best Jabber / XMPP Instant Messaging IM application. Bruno is the best Jabber / XMPP Instant Messaging IM application. A use...

XMPP Clients User Impersonation Vulnerability

Exploit for multiple platform in category local exploits Multiple XMPP Clients User Impersonation Vulnerability Summary ------- An incorrect implementation of XEP-0280: Message Carbons0 in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerabl...

CVE-2017-5589

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for yaxim and Bruno 0.8.6 -...

Design/Logic Flaw

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for yaxim and Bruno 0.8.6 -...

CVE-2017-5589

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for yaxim and Bruno 0.8.6 -...

CVE-2017-5589

Technical details about CVE-2017-5589 are not provided in the connected documents. The initial description mentions impersonation via XEP-0280 in Yaxim, but no concrete affected products, versions, impact, or fixes are given here. Monitor for updates.

CVE-2017-5589

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for yaxim and Bruno 0.8.6 -...

PT-2017-16594 · Slixmpp +5 · Slixmpp +6

Name of the Vulnerable Software and Affected Versions: yaxim and Bruno versions 0.8.6 through 0.8.8 SleekXMPP versions up to 1.3.1 Slixmpp versions up to 1.2.3 poezio versions 0.8 through 0.10 Movim versions 0.8 through 0.10 converse.js versions prior to 1.0.7 for 1.x or 2.0.5 for 2.x Description...