Lucene search
K
Process-oneEjabberd

8 matches found

CVE
CVE
added 2010/02/03 7:0 p.m.76 views

CVE-2010-0305

CVE-2010-0305 affects ejabberd prior to 2.1.3, where ejabberd_c2s.erl can be triggered by a large number of client-to-server (c2s) messages to overload the server queue, causing a denial of service (daemon crash). The vulnerability is network-exploitable with low attack complexity and no authenti...

5CVSS6.3AI score0.03105EPSS
CVE
CVE
added 2009/03/18 1:0 a.m.72 views

CVE-2009-0934

CVE-2009-0934 describes a cross-site scripting (XSS) vulnerability in ejabberd up to version 2.0.4, where remote attackers could inject arbitrary web script or HTML via unknown vectors related to links and MUC logs. Public advisories confirm the issue as remote and require upgrading to a fixed re...

4.3CVSS5.4AI score0.01604EPSS
CVE
CVE
added 2011/06/21 1:0 a.m.69 views

CVE-2011-1753

CVE-2011-1753 affects ejabberd prior to 2.1.7 and 3.x prior to 3.0.0-alpha-3, and exmpp prior to 0.9.7. The issue is improper detection of recursion during XML entity expansion, enabling a remote attacker to induce memory and CPU exhaustion (DoS) through a crafted XML document with a large number...

5CVSS6.8AI score0.02125EPSS
CVE
CVE
added 2007/02/13 8:0 p.m.66 views

CVE-2007-0903

The vulnerability concerns the ejabberd server, specifically the mod_roster_odbc module, with affected versions listed as before 1.1.3. The connected records indicate an unspecified vulnerability with unknown impact and attack vectors; no concrete root cause or exploitation details are provided i...

10CVSS6.5AI score0.01808EPSS
CVE
CVE
added 2006/05/05 7:0 p.m.52 views

CVE-2006-2221

The CVE-2006-2221 entry describes a vulnerability in a third-party installer generator tool (likely BitRock InstallBuilder) used by products such as Process-one ejabberd 1.1.1_1 and earlier. The issue enables a local denial of service via a symlink attack on the temporary bitrock_installer.log fi...

2.1CVSS6.2AI score0.00371EPSS
CVE
CVE
added 2012/02/18 12:0 a.m.52 views

CVE-2011-4320

The CVE-2011-4320 issue affects the mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3. An unauthenticated? or remote authenticated user can trigger a denial of service by sending a publish stanza without a node attribute, causing an infinite loop. The root cause is input vali...

4CVSS6AI score0.02083EPSS
CVE
CVE
added 2013/10/17 11:0 p.m.49 views

CVE-2013-6169

CVE-2013-6169 affects ejabberd: the TLS driver in ejabberd before 2.1.12 accepts SSLv2 and weak ciphers, enabling remote attackers to obtain sensitive information via brute-force. Affected product: ejabberd (pre-2.1.12). Impact: potential exposure of sensitive data; integrity and confidentiality ...

4.3CVSS5.9AI score0.01595EPSS
CVE
CVE
added 2014/10/25 12:0 a.m.44 views

CVE-2014-8760

CVE-2014-8760 affects ejabberd prior to 2.1.13, where the starttls_required setting is not enforced when compression is used, allowing connections to be established without encryption. Public disclosures/ advisories (Debian DLA-881-1, Mandriva MDVSA entries, Mageia advisory) document the issue an...

5CVSS6.3AI score0.01314EPSS