Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
igniterealtime vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2014-3451
OpenFire XMPP Server prior to 3.10 accepts self-signed certificates, which allows remote malicious users to perform unspecified spoofing attacks.
Igniterealtime Openfire
5
CVSSv2
CVE-2014-0364
The ParseRoster component in the Ignite Realtime Smack XMPP API prior to 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote malicious users to spoof IQ responses via a crafted attribute.
Igniterealtime Smack
7.5
CVSSv2
CVE-2019-18394
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire up to and including 4.4.2 allows malicious users to send arbitrary HTTP GET requests.
Igniterealtime Openfire
5.8
CVSSv2
CVE-2014-0363
The ServerTrustManager component in the Ignite Realtime Smack XMPP API prior to 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive inform...
Igniterealtime Smack
NA
CVE-2023-32315
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenti...
Igniterealtime Openfire
1 Metasploit module
14 Github repositories
3 Articles
7.8
CVSSv2
CVE-2014-2741
nio/XMLLightweightParser.java in Ignite Realtime Openfire prior to 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote malicious users to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb&...
Igniterealtime Openfire
4.3
CVSSv2
CVE-2020-24602
Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an malicious user to execute arbitrary malicious URL via the vulnerable GET parameter searchName", "searchValue", "searchDescription", "searchDefaultValue&...
Igniterealtime Openfire 4.5.1
5
CVSSv2
CVE-2009-0497
Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote malicious users to read arbitrary files via a ..\ (dot dot backslash) in the log parameter.
Igniterealtime Openfire 3.6.2
1 EDB exploit
3.5
CVSSv2
CVE-2020-35127
Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS.
Igniterealtime Openfire 4.6.0
3.5
CVSSv2
CVE-2020-35199
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.
Igniterealtime Openfire 4.6.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »