Vulmon
jabber vulnerabilities and exploits
9.8
CVSSv3
CVE-2017-10807
JabberD 2.x (aka jabberd2) prior to 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.
Jabberd2 Jabberd2
NA
CVE-2009-3615
The OSCAR protocol plugin in libpurple in Pidgin prior to 2.6.3 and Adium prior to 1.3.7 allows remote malicious users to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.
Adium Adium 1.3.3
Adium Adium 1.3.4
Adium Adium 1.0.3
Adium Adium 1.3
Adium Adium 1.1.3
Pidgin Pidgin 2.6.1
Pidgin Pidgin 2.5.4
Pidgin Pidgin 2.5.3
Pidgin Pidgin 2.3.1
Pidgin Pidgin 2.3.0
Pidgin Pidgin 2.0.1
Pidgin Pidgin 2.0.0
Adium Adium 1.3.5
Adium Adium 1.0
Adium Adium 1.0.4
Adium Adium 1.1
Pidgin Pidgin 2.6.0
Pidgin Pidgin 2.5.9
Pidgin Pidgin 2.5.2
Pidgin Pidgin 2.5.1
Pidgin Pidgin 2.2.2
Pidgin Pidgin 2.2.1
NA
CVE-2009-2703
libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin prior to 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string.
Pidgin Libpurple
Pidgin Pidgin 2.0.0
Pidgin Pidgin 2.4.0
Pidgin Pidgin 2.4.1
Pidgin Pidgin 2.4.2
Pidgin Pidgin 2.4.3
Pidgin Pidgin 2.5.0
Pidgin Pidgin 2.5.1
Pidgin Pidgin 2.5.6
Pidgin Pidgin 2.1.0
Pidgin Pidgin 2.5.7
Pidgin Pidgin 2.1.1
Pidgin Pidgin 2.0.1
Pidgin Pidgin 2.3.0
Pidgin Pidgin 2.2.2
Pidgin Pidgin 2.0.2
Pidgin Pidgin 2.5.2
Pidgin Pidgin 2.5.4
Pidgin Pidgin 2.6.0
Pidgin Pidgin 2.5.5
Pidgin Pidgin 2.5.8
Pidgin Pidgin 2.5.3
NA
CVE-2009-3085
The XMPP protocol plugin in libpurple in Pidgin prior to 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote malicious users to cause a denial of service (application crash) via XHTML-IM content with cid: images.
Pidgin Libpurple
Pidgin Pidgin 2.5.5
Pidgin Pidgin 2.0.0
Pidgin Pidgin 2.5.0
Pidgin Pidgin 2.5.2
Pidgin Pidgin 2.5.8
Pidgin Pidgin 2.5.3
Pidgin Pidgin 2.2.0
Pidgin Pidgin 2.5.6
Pidgin Pidgin 2.5.9
Pidgin Pidgin 2.4.3
Pidgin Pidgin 2.1.1
Pidgin Pidgin 2.4.2
Pidgin Pidgin 2.3.1
Pidgin Pidgin 2.4.0
Pidgin Pidgin 2.4.1
Pidgin Pidgin 2.5.4
Pidgin Pidgin 2.2.1
Pidgin Pidgin
Pidgin Pidgin 2.0.1
Pidgin Pidgin 2.3.0
Pidgin Pidgin 2.2.2
NA
CVE-2009-0934
Cross-site scripting (XSS) vulnerability in ejabberd prior to 2.0.4 allows remote malicious users to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.
Process-one Ejabberd 1.0.0
Process-one Ejabberd 0.9
Process-one Ejabberd 2.0.0
Process-one Ejabberd 1.1.14
Process-one Ejabberd 1.1.1.1
Process-one Ejabberd 1.1.0
Process-one Ejabberd 1.1.1
Process-one Ejabberd 1.1.2
Process-one Ejabberd 0.9.8
Process-one Ejabberd 2.0.2
Process-one Ejabberd 2.0.1 2
Process-one Ejabberd 0.9.1
Process-one Ejabberd 1.1.1.0
Process-one Ejabberd 1.1.3
Process-one Ejabberd
NA
CVE-2009-3083
The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin prior to 2.6.2 allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain...
Pidgin Libpurple
Pidgin Pidgin 2.5.9
Pidgin Pidgin 2.4.3
Pidgin Pidgin 2.4.1
Pidgin Pidgin 2.4.2
Pidgin Pidgin 2.0.0
Pidgin Pidgin 2.4.0
Pidgin Pidgin 2.5.2
Pidgin Pidgin 2.5.0
Pidgin Pidgin 2.5.1
Pidgin Pidgin 2.5.6
Pidgin Pidgin 2.1.0
Pidgin Pidgin 2.5.5
Pidgin Pidgin 2.5.3
Pidgin Pidgin 2.5.7
Pidgin Pidgin 2.2.1
Pidgin Pidgin 2.5.4
Pidgin Pidgin 2.2.2
Pidgin Pidgin 2.5.8
Pidgin Pidgin 2.0.2
Pidgin Pidgin 2.2.0
Pidgin Pidgin 2.1.1
7.5
CVSSv3
CVE-2017-18265
Prosody prior to 0.10.0 allows remote malicious users to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. ...
Prosody Prosody
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2021-37601
muc.lib.lua in Prosody 0.11.0 up to and including 0.11.9 allows remote malicious users to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.
Prosody Prosody
NA
CVE-2015-1788
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL prior to 0.9.8s, 1.0.0 prior to 1.0.0e, 1.0.1 prior to 1.0.1n, and 1.0.2 prior to 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows re...
Openssl Openssl
Openssl Openssl 1.0.1m
Openssl Openssl 1.0.2a
Openssl Openssl 1.0.1j
Openssl Openssl 1.0.0n
Openssl Openssl 1.0.1
Openssl Openssl 1.0.0c
Openssl Openssl 1.0.0i
Openssl Openssl 1.0.0
Openssl Openssl 1.0.1h
Openssl Openssl 1.0.0m
Openssl Openssl 1.0.1c
Openssl Openssl 1.0.1g
Openssl Openssl 1.0.0h
Openssl Openssl 1.0.0e
Openssl Openssl 1.0.0f
Openssl Openssl 1.0.0d
Openssl Openssl 1.0.0j
Openssl Openssl 1.0.0p
Openssl Openssl 1.0.1a
Openssl Openssl 1.0.0o
Openssl Openssl 1.0.1d
1 Article
9.8
CVSSv3
CVE-2020-8086
The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin.
Prosody Mod Auth Ldap
Prosody Mod Auth Ldap2
Debian Debian Linux 9.0
Debian Debian Linux 10.0