Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ignite vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-24604
A Reflected XSS vulnerability exists in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote malicious users to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "sea...
Igniterealtime Openfire 4.5.1
NA
CVE-2014-0363
The ServerTrustManager component in the Ignite Realtime Smack XMPP API prior to 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive inform...
Igniterealtime Smack
NA
CVE-2015-6973
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote malicious users to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafte...
Igniterealtime Openfire 3.10.2
1 EDB exploit
NA
CVE-2014-5075
The Ignite Realtime Smack XMPP API 4.x prior to 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the...
Redhat Jboss Fuse
Igniterealtime Smack Api
4.8
CVSSv3
CVE-2017-15911
The Admin Console in Ignite Realtime Openfire Server prior to 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypass...
Igniterealtime Openfire
NA
CVE-2014-0364
The ParseRoster component in the Ignite Realtime Smack XMPP API prior to 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote malicious users to spoof IQ responses via a crafted attribute.
Igniterealtime Smack
8.8
CVSSv3
CVE-2020-12772
An issue exists in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the (NT)LM hashes of the user are sent with th...
Igniterealtime Spark 2.8.3
1 Github repository
8.1
CVSSv3
CVE-2020-10650
A deserialization flaw exists in jackson-databind up to and including 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory,...
Fasterxml Jackson-databind
Oracle Retail Merchandising System 15.0
Oracle Retail Sales Audit 14.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6