Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
igniterealtime openfire vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2009-1596
Ignite Realtime Openfire prior to 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet.
Igniterealtime Openfire
760
VMScore
CVE-2008-6508
Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and previous versions allows remote malicious users to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demo...
Igniterealtime Openfire 3.2.2
Igniterealtime Openfire
Igniterealtime Openfire 3.0.0
Igniterealtime Openfire 3.0.1
Igniterealtime Openfire 3.2.1
Igniterealtime Openfire 3.4.4
Igniterealtime Openfire 3.1.0
Igniterealtime Openfire 3.4.0
Igniterealtime Openfire 3.6.0
Igniterealtime Openfire 3.2.3
Igniterealtime Openfire 3.4.5
Igniterealtime Openfire 3.3.2
Igniterealtime Openfire 3.2.0
Igniterealtime Openfire 3.5.0
Igniterealtime Openfire 3.4.3
Igniterealtime Openfire 2.6.1
Igniterealtime Openfire 2.6.0
Igniterealtime Openfire 2.6.2
Igniterealtime Openfire 3.1.1
Igniterealtime Openfire 3.5.2
Igniterealtime Openfire 3.3.3
Igniterealtime Openfire 3.5.1
2 EDB exploits
755
VMScore
CVE-2008-6509
SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and previous versions allows remote malicious users to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp.
Igniterealtime Openfire 3.2.2
Igniterealtime Openfire
Igniterealtime Openfire 3.0.0
Igniterealtime Openfire 3.0.1
Igniterealtime Openfire 3.2.1
Igniterealtime Openfire 3.4.4
Igniterealtime Openfire 3.1.0
Igniterealtime Openfire 3.4.0
Igniterealtime Openfire 3.6.0
Igniterealtime Openfire 3.2.3
Igniterealtime Openfire 3.4.5
Igniterealtime Openfire 3.3.2
Igniterealtime Openfire 3.2.0
Igniterealtime Openfire 3.5.0
Igniterealtime Openfire 3.4.3
Igniterealtime Openfire 2.6.1
Igniterealtime Openfire 2.6.0
Igniterealtime Openfire 2.6.2
Igniterealtime Openfire 3.1.1
Igniterealtime Openfire 3.5.2
Igniterealtime Openfire 3.3.3
Igniterealtime Openfire 3.5.1
1 EDB exploit
435
VMScore
CVE-2008-6510
Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and previous versions allows remote malicious users to inject arbitrary web script or HTML via the url parameter.
Igniterealtime Openfire 3.2.2
Igniterealtime Openfire
Igniterealtime Openfire 3.0.0
Igniterealtime Openfire 3.0.1
Igniterealtime Openfire 3.2.1
Igniterealtime Openfire 3.4.4
Igniterealtime Openfire 3.1.0
Igniterealtime Openfire 3.4.0
Igniterealtime Openfire 3.6.0
Igniterealtime Openfire 3.2.3
Igniterealtime Openfire 3.4.5
Igniterealtime Openfire 3.3.2
Igniterealtime Openfire 3.2.0
Igniterealtime Openfire 3.5.0
Igniterealtime Openfire 3.4.3
Igniterealtime Openfire 2.6.1
Igniterealtime Openfire 2.6.0
Igniterealtime Openfire 2.6.2
Igniterealtime Openfire 3.1.1
Igniterealtime Openfire 3.5.2
Igniterealtime Openfire 3.3.3
Igniterealtime Openfire 3.5.1
1 EDB exploit
585
VMScore
CVE-2008-6511
Open redirect vulnerability in login.jsp in Openfire 3.6.0a and previous versions allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.
Igniterealtime Openfire 3.2.2
Igniterealtime Openfire
Igniterealtime Openfire 3.0.0
Igniterealtime Openfire 3.0.1
Igniterealtime Openfire 3.2.1
Igniterealtime Openfire 3.4.4
Igniterealtime Openfire 3.1.0
Igniterealtime Openfire 3.4.0
Igniterealtime Openfire 3.6.0
Igniterealtime Openfire 3.2.3
Igniterealtime Openfire 3.4.5
Igniterealtime Openfire 3.3.2
Igniterealtime Openfire 3.2.0
Igniterealtime Openfire 3.5.0
Igniterealtime Openfire 3.4.3
Igniterealtime Openfire 2.6.1
Igniterealtime Openfire 2.6.0
Igniterealtime Openfire 2.6.2
Igniterealtime Openfire 3.1.1
Igniterealtime Openfire 3.5.2
Igniterealtime Openfire 3.3.3
Igniterealtime Openfire 3.5.1
1 EDB exploit
505
VMScore
CVE-2009-0497
Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote malicious users to read arbitrary files via a ..\ (dot dot backslash) in the log parameter.
Igniterealtime Openfire 3.6.2
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4