Vulnerabilities > Prosody

DATE	CVE	VULNERABILITY TITLE	RISK
2016-01-29	CVE-2016-0756	Improper Input Validation vulnerability in Prosody The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network domains via a crafted stream id and domain name that is included in the target domain as a suffix. network low complexity prosody CWE-20	5.3
2016-01-12	CVE-2016-1232	The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack. network low complexity prosody fedoraproject debian	7.5
2016-01-12	CVE-2016-1231	Path Traversal vulnerability in multiple products Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. network high complexity fedoraproject prosody debian CWE-22	5.9

Vulnerabilities > Prosody {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Prosody"}]}