Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

process-one ejabberd vulnerabilities and exploits

(subscribe to this query)
4.3
CVSSv2
CVE-2013-6169
The TLS driver in ejabberd prior to 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote malicious users to obtain sensitive information via a brute-force attack.
Process-one Ejabberd 2.1.0Process-one Ejabberd 2.0.5Process-one Ejabberd 2.0.4Process-one Ejabberd 2.0.3Process-one Ejabberd 0.9.8Process-one Ejabberd 0.9.1Process-one Ejabberd 0.9Process-one Ejabberd 2.1.9Process-one Ejabberd 2.1.7Process-one Ejabberd 2.1.6Process-one Ejabberd 2.1.5Process-one Ejabberd 2.0.0Process-one Ejabberd 1.1.3Process-one Ejabberd 1.1.2Process-one Ejabberd 1.1.14Process-one Ejabberd 1.1.1.1Process-one Ejabberd 2.1.11Process-one Ejabberd 2.1.8Process-one Ejabberd 2.1.4Process-one Ejabberd 2.1.2Process-one Ejabberd 2.0.1 2Process-one Ejabberd 1.1.1
5
CVSSv2
CVE-2010-0305
ejabberd_c2s.erl in ejabberd prior to 2.1.3 allows remote malicious users to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload.
Process-one Ejabberd 1.1.2Process-one Ejabberd 0.9.8Process-one Ejabberd 2.0.2Process-one Ejabberd 2.0.1 2Process-one Ejabberd 2.1.1Process-one Ejabberd 2.0.3Process-one Ejabberd 0.9.1Process-one Ejabberd 1.1.1.0Process-one Ejabberd 1.1.1.1Process-one Ejabberd 2.0.0Process-one EjabberdProcess-one Ejabberd 2.1.0Process-one Ejabberd 1.0.0Process-one Ejabberd 0.9Process-one Ejabberd 1.1.3Process-one Ejabberd 2.0.5Process-one Ejabberd 2.0.4Process-one Ejabberd 1.1.0Process-one Ejabberd 1.1.1Process-one Ejabberd 1.1.14
4.3
CVSSv2
CVE-2009-0934
Cross-site scripting (XSS) vulnerability in ejabberd prior to 2.0.4 allows remote malicious users to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.
Process-one Ejabberd 1.0.0Process-one Ejabberd 0.9Process-one Ejabberd 2.0.0Process-one Ejabberd 1.1.14Process-one Ejabberd 1.1.1.1Process-one Ejabberd 1.1.0Process-one Ejabberd 1.1.1Process-one Ejabberd 1.1.2Process-one Ejabberd 0.9.8Process-one Ejabberd 2.0.2Process-one Ejabberd 2.0.1 2Process-one Ejabberd 0.9.1Process-one Ejabberd 1.1.1.0Process-one Ejabberd 1.1.3Process-one Ejabberd
5
CVSSv2
CVE-2011-1753
expat_erl.c in ejabberd prior to 2.1.7 and 3.x prior to 3.0.0-alpha-3, and exmpp prior to 0.9.7, does not properly detect recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory and CPU consumption) via a crafted XML document co...
Process-one Ejabberd 2.0.5Process-one Ejabberd 2.0.4Process-one Ejabberd 1.1.1.1Process-one Ejabberd 1.1.0Process-one Ejabberd 1.1.1Process-one Ejabberd 1.1.14Process-one Ejabberd 2.1.2Process-one Ejabberd 2.1.1Process-one Ejabberd 2.0.3Process-one Ejabberd 0.9.1Process-one Ejabberd 1.1.1.0Process-one Ejabberd 2.0.0Process-one Ejabberd 3.0.0Process-one Ejabberd 2.1.0Process-one Ejabberd 1.0.0Process-one Ejabberd 0.9Process-one Ejabberd 1.1.3Process-one Ejabberd 2.1.5Process-one EjabberdProcess-one Ejabberd 1.1.2Process-one Ejabberd 0.9.8Process-one Ejabberd 2.0.2
10
CVSSv2
CVE-2007-0903
Unspecified vulnerability in the mod_roster_odbc module in ejabberd prior to 1.1.3 has unknown impact and attack vectors.
Process-one Ejabberd 0.9.8Process-one Ejabberd 1.0.0Process-one Ejabberd 1.1.0Process-one Ejabberd 1.1.1Process-one Ejabberd 1.1.2Process-one Ejabberd 0.9Process-one Ejabberd 0.9.1
4
CVSSv2
CVE-2011-4320
The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute.
Process-one Ejabberd 2.1.8Process-one Ejabberd 3.0.0
2.1
CVSSv2
CVE-2006-2221
A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and previous versions, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.lo...
Process-one Ejabberd 1.1.1.0Bitrock Install BuilderProcess-one Ejabberd
5
CVSSv2
CVE-2014-8760
ejabberd prior to 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption.
Process-one Ejabberd
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook