Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prosody prosody 0.9.4 vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2016-1231
Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x prior to 0.9.9 allows remote malicious users to read arbitrary files via a .. (dot dot) in an unspecified path.
Fedoraproject Fedora 23
Fedoraproject Fedora 22
Prosody Prosody 0.9.3
Prosody Prosody 0.9.2
Prosody Prosody 0.9.1
Prosody Prosody 0.9.0
Prosody Prosody 0.9.8
Prosody Prosody 0.9.6
Prosody Prosody 0.9.4
Prosody Prosody 0.9.7
Prosody Prosody 0.9.5
Debian Debian Linux 7.0
Debian Debian Linux 8.0
445
VMScore
CVE-2016-1232
The mod_dialback module in Prosody prior to 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for malicious users to spoof servers via a brute force attack.
Prosody Prosody 0.9.6
Prosody Prosody 0.9.4
Prosody Prosody 0.9.3
Prosody Prosody 0.9.2
Prosody Prosody 0.9.1
Prosody Prosody 0.9.0
Prosody Prosody
Prosody Prosody 0.9.7
Prosody Prosody 0.9.5
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Debian Debian Linux 8.0
Debian Debian Linux 7.0
694
VMScore
CVE-2014-2745
Prosody prior to 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote malicious users to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack, related to core/portmanager.lua and ...
Prosody Prosody 0.8.2
Prosody Prosody 0.8.0
Prosody Prosody 0.1.0
Prosody Prosody 0.3.0
Prosody Prosody 0.9.2
Prosody Prosody 0.6.2
Prosody Prosody 0.6.0
Prosody Prosody 0.4.1
Prosody Prosody 0.5.0
Prosody Prosody 0.5.1
Prosody Prosody 0.4.2
Prosody Prosody 0.5.2
Prosody Prosody 0.6.1
Prosody Prosody
Prosody Prosody 0.9.1
Prosody Prosody 0.4.0
Prosody Prosody 0.2.0
Prosody Prosody 0.7.0
Prosody Prosody 0.8.1
Prosody Prosody 0.9.0
694
VMScore
CVE-2014-2744
plugins/mod_compression.lua in (1) Prosody prior to 0.9.4 and (2) Lightwitch Metronome up to and including 3.4 negotiates stream compression while a session is unauthenticated, which allows remote malicious users to cause a denial of service (resource consumption) via compressed ...
Lightwitch Metronome
Prosody Prosody 0.6.2
Prosody Prosody 0.6.0
Prosody Prosody 0.4.1
Prosody Prosody 0.5.0
Prosody Prosody 0.5.1
Prosody Prosody 0.4.2
Prosody Prosody 0.5.2
Prosody Prosody 0.6.1
Prosody Prosody
Prosody Prosody 0.9.1
Prosody Prosody 0.4.0
Prosody Prosody 0.2.0
Prosody Prosody 0.7.0
Prosody Prosody 0.8.1
Prosody Prosody 0.9.0
Prosody Prosody 0.8.2
Prosody Prosody 0.8.0
Prosody Prosody 0.1.0
Prosody Prosody 0.3.0
Prosody Prosody 0.9.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started