Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ignite realtime vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2019-20366
An XSS issue exists in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents.
Igniterealtime Openfire 4.4.4
383
VMScore
CVE-2019-20365
An XSS issue exists in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page.
Igniterealtime Openfire 4.4.4
NA
CVE-2024-25421
An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote malicious user to escalate privileges via the ROOM_CACHE component.
670
VMScore
CVE-2019-18394
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire up to and including 4.4.2 allows malicious users to send arbitrary HTTP GET requests.
Igniterealtime Openfire
NA
CVE-2024-25420
An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote malicious user to escalate privileges via the admin.authorizedJIDs system property component.
445
VMScore
CVE-2019-18393
PluginServlet.java in Ignite Realtime Openfire up to and including 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
Igniterealtime Openfire
1 Github repository
505
VMScore
CVE-2009-0497
Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote malicious users to read arbitrary files via a ..\ (dot dot backslash) in the log parameter.
Igniterealtime Openfire 3.6.2
1 EDB exploit
405
VMScore
CVE-2009-1595
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire prior to 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.
Igniterealtime Openfire 3.2.2
Igniterealtime Openfire
Igniterealtime Openfire 3.4.2
Igniterealtime Openfire 3.0.0
Igniterealtime Openfire 3.0.1
Igniterealtime Openfire 3.2.1
Igniterealtime Openfire 3.4.4
Igniterealtime Openfire 3.1.0
Igniterealtime Openfire 3.4.0
Igniterealtime Openfire 3.6.0
Igniterealtime Openfire 3.2.3
Igniterealtime Openfire 3.4.5
Igniterealtime Openfire 3.3.2
Igniterealtime Openfire 3.2.0
Igniterealtime Openfire 3.5.0
Igniterealtime Openfire 3.4.3
Igniterealtime Openfire 2.6.1
Igniterealtime Openfire 3.6.1
Igniterealtime Openfire 3.6.0a
Igniterealtime Openfire 3.6.2
Igniterealtime Openfire 2.6.0
Igniterealtime Openfire 2.6.2
1 EDB exploit
383
VMScore
CVE-2020-24601
In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an malicious user to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page
Igniterealtime Openfire 4.5.1
668
VMScore
CVE-2014-9757
The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo prior to 5.9.9 and 5.10.x prior to 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message.
Atlassian Bamboo 2.4.1
Atlassian Bamboo 2.6.2
Atlassian Bamboo 5.7
Atlassian Bamboo 2.5.2
Atlassian Bamboo 3.4.5
Atlassian Bamboo 2.7.3
Atlassian Bamboo 2.4.3
Atlassian Bamboo 3.1
Atlassian Bamboo 5.2.1
Atlassian Bamboo 5.4
Atlassian Bamboo 2.5
Atlassian Bamboo 5.0
Atlassian Bamboo 5.2.2
Atlassian Bamboo 3.4.2
Atlassian Bamboo 2.6.3
Atlassian Bamboo 2.5.1
Atlassian Bamboo 5.4.2
Atlassian Bamboo 3.0
Atlassian Bamboo 4.4.1
Atlassian Bamboo 5.6
Atlassian Bamboo 4.2.1
Atlassian Bamboo 4.4.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »