RSS   Vulnerabilities for 'Gajim'   RSS

2017-05-27
 
CVE-2016-10376

 

 
Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.

 
2016-01-15
 
CVE-2015-8688

 

 
Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza.

 
2014-02-07
 
CVE-2012-5524

CWE-20
 

 
The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA.

 
2012-11-23
 
CVE-2012-2086

CWE-89
 

 
SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter.

 
2012-08-28
 
CVE-2012-2085

 

 
The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute.

 
2012-05-18
 
CVE-2012-2093

CWE-59
 

 
src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function.

 


Copyright 2024, cxsecurity.com

 

Back to Top