igniterealtime vulnerabilities and exploits
7.8
CVSSv2
CVE-2014-2741
nio/XMLLightweightParser.java in Ignite Realtime Openfire prior to 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote malicious users to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb&...
Igniterealtime Openfire
5
CVSSv2
CVE-2019-18393
PluginServlet.java in Ignite Realtime Openfire up to and including 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
Igniterealtime Openfire
7.5
CVSSv2
CVE-2019-18394
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire up to and including 4.4.2 allows malicious users to send arbitrary HTTP GET requests.
Igniterealtime Openfire
4.3
CVSSv2
CVE-2019-15488
Ignite Realtime Openfire prior to 4.4.1 has reflected XSS via an LDAP setup test.
Igniterealtime Openfire
NA
CVE-2023-32315
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenti...
Igniterealtime Openfire
13 Github repositories
3 Articles
5.8
CVSSv2
CVE-2014-0363
The ServerTrustManager component in the Ignite Realtime Smack XMPP API prior to 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive inform...
Igniterealtime Smack
6.8
CVSSv2
CVE-2015-6973
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote malicious users to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafte...
Igniterealtime Openfire 3.10.2
1 EDB exploit
4.3
CVSSv2
CVE-2019-20525
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter.
Igniterealtime Openfire 4.4.1
4.3
CVSSv2
CVE-2019-20526
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter.
Igniterealtime Openfire 4.4.1
4.3
CVSSv2
CVE-2019-20527
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter.
Igniterealtime Openfire 4.4.1