Vulmon
ignite vulnerabilities and exploits
9.8
CVSSv3
CVE-2018-1273
Spring Data Commons, versions before 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted r...
Pivotal Software Spring Data Commons
Pivotal Software Spring Data Rest
Apache Ignite 1.0.0
Apache Ignite
5 Github repositories
5.3
CVSSv3
CVE-2018-9159
In Spark prior to 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark.
Sparkjava Spark
4.8
CVSSv3
CVE-2017-15911
The Admin Console in Ignite Realtime Openfire Server prior to 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypass...
Igniterealtime Openfire
7.5
CVSSv3
CVE-2017-7686
Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where...
Apache Ignite 1.6.0
Apache Ignite 1.4.0
Apache Ignite 1.3.0
Apache Ignite 1.2.0
Apache Ignite 1.1.0
Apache Ignite 1.9.0
Apache Ignite 1.7.0
Apache Ignite 1.5.0
Apache Ignite 1.0.0
Apache Ignite 2.0.0
Apache Ignite 1.8.0
5.9
CVSSv3
CVE-2016-6805
Apache Ignite prior to 1.9 allows man-in-the-middle malicious users to read arbitrary files via XXE in modified update-notifier documents.
Apache Ignite
9.8
CVSSv3
CVE-2014-9757
The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo prior to 5.9.9 and 5.10.x prior to 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message.
Atlassian Bamboo 5.9.7
Atlassian Bamboo 5.9.4
Atlassian Bamboo 5.8
Atlassian Bamboo 5.7.2
Atlassian Bamboo 5.4.2
Atlassian Bamboo 5.4.1
Atlassian Bamboo 5.1
Atlassian Bamboo 5.0.1
Atlassian Bamboo 5.0
Atlassian Bamboo 4.4.5
Atlassian Bamboo 4.4.4
Atlassian Bamboo 4.3.2
Atlassian Bamboo 4.3.1
Atlassian Bamboo 4.0
Atlassian Bamboo 3.4.5
Atlassian Bamboo 3.3.3
Atlassian Bamboo 3.3.2
Atlassian Bamboo 3.3
Atlassian Bamboo 3.0.3
Atlassian Bamboo 2.7
Atlassian Bamboo 2.6.3
Atlassian Bamboo 2.5.1
NA
CVE-2015-7707
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp.
Igniterealtime Openfire 3.10.2
1 EDB exploit
NA
CVE-2015-6972
Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName parameter to plugins/client...
Igniterealtime Openfire 3.10.2
1 EDB exploit
NA
CVE-2015-6973
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote malicious users to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafte...
Igniterealtime Openfire 3.10.2
1 EDB exploit
NA
CVE-2014-5075
The Ignite Realtime Smack XMPP API 4.x prior to 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the...
Redhat Jboss Fuse
Igniterealtime Smack Api