Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
igniterealtime openfire vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2009-1596
Ignite Realtime Openfire prior to 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet.
Igniterealtime Openfire
7.5
CVSSv2
CVE-2008-6509
SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and previous versions allows remote malicious users to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp.
Igniterealtime Openfire 2.6.2
Igniterealtime Openfire 3.0.0
Igniterealtime Openfire 3.2.4
Igniterealtime Openfire 3.3.0
Igniterealtime Openfire 3.4.5
Igniterealtime Openfire 3.5.0
Igniterealtime Openfire 3.1.1
Igniterealtime Openfire 3.2.0
Igniterealtime Openfire 3.2.1
Igniterealtime Openfire 3.4.0
Igniterealtime Openfire 3.4.1
Igniterealtime Openfire 3.6.0
Igniterealtime Openfire
Igniterealtime Openfire 2.6.1
Igniterealtime Openfire 2.6.0
Igniterealtime Openfire 3.2.2
Igniterealtime Openfire 3.2.3
Igniterealtime Openfire 3.4.3
Igniterealtime Openfire 3.4.4
Igniterealtime Openfire 3.0.1
Igniterealtime Openfire 3.1.0
Igniterealtime Openfire 3.3.2
1 EDB exploit
5.8
CVSSv2
CVE-2008-6511
Open redirect vulnerability in login.jsp in Openfire 3.6.0a and previous versions allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.
Igniterealtime Openfire 3.0.1
Igniterealtime Openfire 3.1.0
Igniterealtime Openfire 3.3.0
Igniterealtime Openfire 3.3.2
Igniterealtime Openfire 2.6.1
Igniterealtime Openfire 2.6.0
Igniterealtime Openfire 3.2.1
Igniterealtime Openfire 3.2.2
Igniterealtime Openfire 3.4.3
Igniterealtime Openfire 3.4.4
Igniterealtime Openfire 2.6.2
Igniterealtime Openfire 3.0.0
Igniterealtime Openfire 3.2.3
Igniterealtime Openfire 3.2.4
Igniterealtime Openfire 3.4.5
Igniterealtime Openfire 3.3.3
Igniterealtime Openfire 3.5.1
Igniterealtime Openfire 3.5.2
Igniterealtime Openfire 3.5.0
Igniterealtime Openfire 3.1.1
Igniterealtime Openfire 3.2.0
Igniterealtime Openfire 3.4.0
1 EDB exploit
7.5
CVSSv2
CVE-2008-6508
Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and previous versions allows remote malicious users to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demo...
Igniterealtime Openfire 2.6.2
Igniterealtime Openfire 3.0.0
Igniterealtime Openfire 3.2.3
Igniterealtime Openfire 3.2.4
Igniterealtime Openfire 3.4.4
Igniterealtime Openfire 3.4.5
Igniterealtime Openfire 3.1.1
Igniterealtime Openfire 3.2.0
Igniterealtime Openfire 3.3.3
Igniterealtime Openfire 3.4.0
Igniterealtime Openfire 3.6.0
Igniterealtime Openfire
Igniterealtime Openfire 2.6.1
Igniterealtime Openfire 2.6.0
Igniterealtime Openfire 3.2.1
Igniterealtime Openfire 3.2.2
Igniterealtime Openfire 3.4.1
Igniterealtime Openfire 3.4.3
Igniterealtime Openfire 3.0.1
Igniterealtime Openfire 3.1.0
Igniterealtime Openfire 3.3.0
Igniterealtime Openfire 3.3.2
2 EDB exploits
4.3
CVSSv2
CVE-2008-6510
Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and previous versions allows remote malicious users to inject arbitrary web script or HTML via the url parameter.
Igniterealtime Openfire 2.6.1
Igniterealtime Openfire 3.2.0
Igniterealtime Openfire 3.2.1
Igniterealtime Openfire 3.4.1
Igniterealtime Openfire 3.0.0
Igniterealtime Openfire 3.0.1
Igniterealtime Openfire 3.3.0
Igniterealtime Openfire 3.3.2
Igniterealtime Openfire 3.5.0
Igniterealtime Openfire 3.5.1
Igniterealtime Openfire 3.4.3
Igniterealtime Openfire
Igniterealtime Openfire 2.6.0
Igniterealtime Openfire 2.6.2
Igniterealtime Openfire 3.2.2
Igniterealtime Openfire 3.2.3
Igniterealtime Openfire 3.2.4
Igniterealtime Openfire 3.4.4
Igniterealtime Openfire 3.4.5
Igniterealtime Openfire 3.1.0
Igniterealtime Openfire 3.1.1
Igniterealtime Openfire 3.3.3
1 EDB exploit
5
CVSSv2
CVE-2009-0497
Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote malicious users to read arbitrary files via a ..\ (dot dot backslash) in the log parameter.
Igniterealtime Openfire 3.6.2
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4