Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prosody prosody 0.9.7 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2016-1231
Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x prior to 0.9.9 allows remote malicious users to read arbitrary files via a .. (dot dot) in an unspecified path.
Fedoraproject Fedora 23
Fedoraproject Fedora 22
Prosody Prosody 0.9.3
Prosody Prosody 0.9.2
Prosody Prosody 0.9.1
Prosody Prosody 0.9.0
Prosody Prosody 0.9.8
Prosody Prosody 0.9.6
Prosody Prosody 0.9.4
Prosody Prosody 0.9.7
Prosody Prosody 0.9.5
Debian Debian Linux 7.0
Debian Debian Linux 8.0
5
CVSSv2
CVE-2016-1232
The mod_dialback module in Prosody prior to 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for malicious users to spoof servers via a brute force attack.
Prosody Prosody 0.9.6
Prosody Prosody 0.9.4
Prosody Prosody 0.9.3
Prosody Prosody 0.9.2
Prosody Prosody 0.9.1
Prosody Prosody 0.9.0
Prosody Prosody
Prosody Prosody 0.9.7
Prosody Prosody 0.9.5
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Debian Debian Linux 8.0
Debian Debian Linux 7.0
6.5
CVSSv2
CVE-2018-10847
prosody prior to 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP ...
Prosody Prosody 0.10.0
Prosody Prosody 0.10.1
Prosody Prosody
5
CVSSv2
CVE-2016-0756
The generate_dialback function in the mod_dialback module in Prosody prior to 0.9.10 does not properly separate fields when generating dialback keys, which allows remote malicious users to spoof XMPP network domains via a crafted stream id and domain name that is included in the ...
Prosody Prosody
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started