Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
Podatności dla
'Gajim'
2017-05-27
CVE-2016-10376
Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.
2016-01-15
CVE-2015-8688
Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza.
2014-02-07
CVE-2012-5524
CWE-20
The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA.
2012-11-23
CVE-2012-2086
CWE-89
SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter.
2012-08-28
CVE-2012-2085
The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute.
2012-05-18
CVE-2012-2093
CWE-59
src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function.
Copyright
2024
, cxsecurity.com
Back to Top
Podatności dla 'Gajim' 
Polish
English